GSoC with OpenMRS — Week 9 Update

For week 9, I started research into a password security vulnerability.

The Vulnerability:
When a user creates or changes a password, the current length requirement is 8 characters. This would be much more secure if it were 12 characters, so my task was to make it 12 characters long.

The Fix:
After some research, I discovered that OpenMRS has a file of constant values to be used throughout the program, where password restrictions were declared. I went through this and attempted to change it, but this didn’t work. In a discussion, my mentor said that there may be a way to specify a password RegEx based on the constants file, which I could then document on the OpenMRS wiki. I decided to go forward with this plan, starting by researching RegEx.

RegEx:
RegEx (Regular Expressions) are sequences of characters that define a specific search pattern. They are commonly used to check that email addresses or passwords match a list of requirements, e.g. passwords must be more than 8 characters long, and contain a symbol, a capital letter, and a number. The format of RegEx looks a bit like this: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$, and it can be changed depending on user requirements.
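
To see how the pattern above behaves when the length changes from 8 to 12, here is an added example (not from the original post and not OpenMRS code). It uses Python's re module as a stand-in regex engine; the function names build_pattern, failed_rules and is_valid and the sample passwords are constructed for illustration.

```python
import re

# The lookaheads from the pattern quoted in the post, one per requirement.
RULES = {
    "digit": r"(?=.*\d)",
    "lowercase": r"(?=.*[a-z])",
    "uppercase": r"(?=.*[A-Z])",
}

def build_pattern(min_len):
    """Return the post's regex with the length quantifier set to min_len."""
    if min_len < 1:
        raise ValueError("min_len must be positive")
    # (?=.*[a-zA-Z]) is kept to match the post, although the lowercase and
    # uppercase lookaheads already imply it.
    return "^" + "".join(RULES.values()) + r"(?=.*[a-zA-Z])" + ".{%d,}$" % min_len

def is_valid(password, min_len):
    """True only if the whole password satisfies the pattern."""
    # fullmatch: with re.match, '$' would also accept a trailing newline.
    # re.ASCII limits \d to 0-9, the default behaviour of java.util.regex.
    return re.fullmatch(build_pattern(min_len), password, re.ASCII) is not None

def failed_rules(password, min_len):
    """Name the requirements a password misses, for a useful error message."""
    failed = [name for name, lookahead in RULES.items()
              if not re.match(lookahead, password, re.ASCII)]
    if len(password) < min_len:
        failed.append("length")
    return failed

if __name__ == "__main__":
    # Constructed sample passwords, checked against both policies.
    for pw in ["Passw0rd", "Passw0rd1234", "alllowercase123"]:
        for min_len in (8, 12):
            verdict = "ok" if is_valid(pw, min_len) else failed_rules(pw, min_len)
            print(f"{pw!r:20} min={min_len:<3} {verdict}")
```

Note that the pattern as quoted checks for a digit, a lowercase letter, an uppercase letter and the length; a symbol requirement would need its own lookahead.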

Socials:
LinkedIn
GitHub

For the final week I will be working on the first XSS vulnerability I attempted to fix again, to see if I can get it working, as well as continuing to work on this issue.


BSc Computer Science Student at University of Exeter. Participating in Google Summer of Code for OpenMRS.

Kate Belson
