GSoC with OpenMRS — Week 9 Update

For week 9, I started research into a password security vulnerability.

The Vulnerability:
When a user creates/changes a password, the current length requirement is 8 characters long. This would be much more secure if it were 12 characters long, so my task was to make it so it could be 12 characters long.

The Fix:
After some research, I discovered that OpenMRS has a file of constant values to be used throughout the program, where password restrictions were declared. I went through this and attempted to change it, but this didn’t work. After a discussion, my mentor said that there may be a way to specify a password RegEx based on the constants file, which I could then document on the OpenMRS wiki. I decided to go forward with this plan, starting by researching RegEx.

RegEx:
RegEx (regular expressions) are sequences of characters that define a specific search pattern. They are commonly used to check that email addresses or passwords match a list of requirements, e.g. passwords must be more than 8 characters long, and contain a symbol, a capital letter, and a number. A RegEx looks a bit like this: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$, and it can be changed depending on user requirements.
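
As an added example (not code from this post or from OpenMRS), the Python sketch below takes the pattern quoted above, raises its length quantifier from 8 to 12, and reports which rule a rejected password fails. The function names and the sample passwords are constructed for illustration.

```python
import re

# Pattern quoted in the post. Each (?=...) is a lookahead that must succeed
# somewhere in the string; .{8,} then enforces the minimum length.
# The last lookahead, [a-zA-Z], is already implied by the two before it.
PAGE_PATTERN = r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$"


def with_min_length(pattern, minimum):
    """Return the pattern with its trailing .{N,}$ quantifier set to `minimum`."""
    new, count = re.subn(r"\.\{\d+,\}\$$", ".{%d,}$" % minimum, pattern)
    if count != 1:
        raise ValueError("pattern has no trailing .{N,}$ length quantifier")
    return new


def accepts(pattern, password):
    """True if the whole password satisfies the pattern."""
    return re.match(pattern, password) is not None


def failed_rules(password, minimum):
    """Evaluate each requirement separately so a rejection can be explained."""
    rules = [
        ("digit", r"\d"),
        ("lowercase letter", r"[a-z]"),
        ("uppercase letter", r"[A-Z]"),
    ]
    failed = [name for name, rx in rules if not re.search(rx, password)]
    if len(password) < minimum:
        failed.append("length")
    return failed


STRICT_PATTERN = with_min_length(PAGE_PATTERN, 12)

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ["Passw0rd", "Passw0rdPassw0rd", "passwordpassword1"]:
        print(pw, accepts(PAGE_PATTERN, pw), accepts(STRICT_PATTERN, pw),
              failed_rules(pw, 12))
```

A password such as Passw0rd passes the 8-character pattern but is rejected once the quantifier reads {12,}, with length as the only failed rule.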

For the final week I will be working on the first XSS vulnerability I attempted to fix again, to see if I can get it working, as well as continuing to work on this issue.

Kate Belson

BSc Computer Science Student at University of Exeter. Participating in Google Summer of Code for OpenMRS.