GSoC with OpenMRS — Week 9 Update
--
For week 9, I started research into a password security vulnerability.
The Vulnerability:
When a user creates/changes a password, the current length requirement is 8 characters long. This would be much more secure if it were 12 characters long, so my task was to make it so it could be 12 characters long.
The Fix:
After some research, I discovered that OpenMRS has a file of constant values to be used throughout the program, where password restrictions were declared. I went through this and attempted to change it, but this didn’t work. After a discussion with my mentor, he said that there may be a way to specify a password RegEx based on the constants file, which I could then document on the OpenMRS wiki. I decided to go forward with this plan, starting by researching RegEx.
RegEx:
RegEx (Regular Expressions) are sequences of characters that define a specific search pattern. They are used commonly in checking that email addresses/passwords match a list of requirements, e.g. passwords must be more than 8 characters long, and contain a symbol, a capital letter, and a number. The format of RegEx looks a bit like this: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,}$, and in can be changed depending on user requirements.
For the final week I will be working on the first XSS vulnerability I attempted to fix again, to see if I can get it working, as well as continuing to work on this issue.
