Chapter 29. Hashed User Passwords in Database

Table of Contents

Shortcut
Full Route
Create a Test User Account
Test User Authentication
Password Encoding Check
Password Encoding Change

Artur Hefczyc <artur.hefczyc@tigase.net> v2.0, June 2014: Reformatted for AsciiDoc. Website: http://tigase.net. Date: 2012-10-09 03:13

By default, Tigase stores user passwords in plain text in its database. However, it is easy to have them encoded in one of the already supported ways, or even to add a new encoding algorithm of your own.

Passwords are stored in plain text in the database so that authentication mechanisms other than plain-text password authentication can be used. At the moment you cannot have both hashed passwords in the database and non-plain-text password authentication. On the other hand, the connection between the server and the client is almost always secured by SSL/TLS, so plain-text password authentication may be less of a problem than storing plain-text passwords in the database.

Nevertheless, it is simple enough to adjust this in Tigase’s database and we will add an option in the Tigase installer to allow you to make the decision at installation time.

Shortcut

Connect to your database from the command line and execute the following statement (shown for a MySQL database):

call TigPutDBProperty('password-encoding', 'encoding-mode');

Where encoding-mode is one of the following:

  • MD5-PASSWORD: the database stores the MD5 hash of the user’s password.
  • MD5-USERID-PASSWORD: the database stores the MD5 hash of the user’s bare JID concatenated with the password.
  • MD5-USERNAME-PASSWORD: the database stores the MD5 hash of the user’s name (localpart) concatenated with the password.

For example:

call TigPutDBProperty('password-encoding', 'MD5-PASSWORD');
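To compare what the three encoding modes listed above leave in the database, the following added example (not Tigase code) computes the stored value per mode and lists accounts that end up with identical values. The concatenation details (identifier first, then password, no separator, UTF-8, lowercase hex) and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Mode names come from the page; the concatenation details are assumptions:
# identifier first, then password, no separator, UTF-8, lowercase hex digest.
MODES = ("MD5-PASSWORD", "MD5-USERID-PASSWORD", "MD5-USERNAME-PASSWORD")


def encode_password(mode, bare_jid, password):
    """Return the value the database would hold for this user under `mode`."""
    if mode == "MD5-PASSWORD":
        material = password
    elif mode == "MD5-USERID-PASSWORD":
        material = bare_jid + password
    elif mode == "MD5-USERNAME-PASSWORD":
        material = bare_jid.split("@", 1)[0] + password  # localpart only
    else:
        raise ValueError("unsupported password-encoding: " + mode)
    return hashlib.md5(material.encode("utf-8")).hexdigest()


def verify_password(mode, bare_jid, candidate, stored):
    """Re-encode the candidate and compare with the stored value in constant time."""
    return hmac.compare_digest(encode_password(mode, bare_jid, candidate), stored)


def shared_hash_groups(accounts, mode):
    """Group accounts whose stored value is identical under `mode`."""
    groups = defaultdict(list)
    for jid, password in accounts:
        groups[encode_password(mode, jid, password)].append(jid)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts (not from the page).
ACCOUNTS = [
    ("alice@example.com", "Tr0ub4dor"),
    ("bob@example.com", "Tr0ub4dor"),      # same password as alice
    ("alice@example.org", "Tr0ub4dor"),    # same localpart, other domain
]

if __name__ == "__main__":
    for mode in MODES:
        print(mode, shared_hash_groups(ACCOUNTS, mode))
```

Under these assumptions, only MD5-USERID-PASSWORD gives every sample account a distinct stored value; MD5-PASSWORD makes all three identical, and MD5-USERNAME-PASSWORD makes the two accounts that share a localpart identical.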