GSoC with OpenMRS — Week 9 Update

Kate Belson
Aug 16, 2021


For week 9, I started research into a password security vulnerability.

The Vulnerability:
When a user creates/changes a password, the current length requirement is 8 characters long. This would be much more secure if it were 12 characters long, so my task was to make it so it could be 12 characters long.

The Fix:
After some research, I discovered that OpenMRS has a file of constant values to be used throughout the program, where password restrictions were declared. I went through this and attempted to change it, but this didn’t work. After a discussion with my mentor, he said that there may be a way to specify a password RegEx based on the constants file, which I could then document on the OpenMRS wiki. I decided to go forward with this plan, starting by researching RegEx.

RegEx (Regular Expressions) are sequences of characters that define a specific search pattern. They are commonly used to check that email addresses/passwords match a list of requirements, e.g. passwords must be more than 8 characters long, and contain a symbol, a capital letter, and a number. The format of RegEx looks a bit like this: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$, and it can be changed depending on user requirements.
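To make the pattern above concrete, here is an added example (not code from this post or from OpenMRS) that takes the quoted RegEx, raises its length clause from 8 to 12, and reports which requirement a rejected password misses. The function names, rule labels and sample passwords are assumptions made for the illustration.

```python
import re

# The pattern quoted in the post, unchanged.
PAGE_PATTERN = r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$"

# One lookahead per requirement. The labels are names chosen for this example.
# The post's fourth lookahead, (?=.*[a-zA-Z]), is already implied by the two
# letter rules, and no lookahead in the pattern asks for a symbol.
RULES = {
    "digit": r"(?=.*\d)",
    "lowercase letter": r"(?=.*[a-z])",
    "uppercase letter": r"(?=.*[A-Z])",
}


def with_min_length(pattern, minimum):
    """Rewrite the trailing .{N,}$ length clause so it requires `minimum` characters."""
    new, count = re.subn(r"\.\{\d+,\}\$$", lambda m: ".{%d,}$" % minimum, pattern)
    if count != 1:
        raise ValueError("pattern has no trailing .{N,}$ length clause")
    return new


def accepts(password, pattern):
    """True if the whole password satisfies the pattern (digits are ASCII only)."""
    return re.fullmatch(pattern, password, re.ASCII) is not None


def failed_rules(password, minimum):
    """List the requirements a rejected password misses, for a useful error message."""
    failed = [name for name, look in RULES.items()
              if not re.match(look, password, re.ASCII)]
    if not re.fullmatch(r".{%d,}" % minimum, password):
        failed.append("at least %d characters" % minimum)
    return failed


PATTERN_12 = with_min_length(PAGE_PATTERN, 12)

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ["Abcdefg1", "Abcdefghijk1", "abcdefghijk1", "abc"]:
        print(pw, accepts(pw, PAGE_PATTERN), accepts(pw, PATTERN_12),
              failed_rules(pw, 12))
```

The 8-character sample passes the quoted pattern but fails once the clause reads `.{12,}`, and the 12-character sample with no symbol passes both, which shows that a symbol requirement would need its own lookahead.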


For the final week I will be working on the first XSS vulnerability I attempted to fix again, to see if I can get it working, as well as continuing to work on this issue.



Kate Belson

BSc Computer Science Student at University of Exeter. Participating in Google Summer of Code for OpenMRS.