Decrypt and retrieve the login password


Once I log in to the application, the password seems to be encrypted and stored in the user table. How do I decrypt and retrieve the login password in the OutSystems application?


Thanks,

Joga

erm, you do not.

not wise to be able to decrypt password..


simply reset it.


J. wrote:

Actually, I want to retrieve the username and password from the application Login and pass them in the AJAX call for consuming a REST interface with Basic authentication. I am able to get the username from the session variable, but the password in the user table seems to be encrypted.

erm, you do not.

not wise to be able to decrypt password..


simply reset it.




Srinivasa Commuri wrote:

J. wrote:

Actually, I want to retrieve the username and password from the application Login and pass them in the AJAX call for consuming a REST interface with Basic authentication. I am able to get the username from the session variable, but the password in the user table seems to be encrypted.

erm, you do not.

not wise to be able to decrypt password..


simply reset it.




Hello Srinivasa


As J. referred, you should not attempt to decrypt the password. If you're designing an application integration that requires you to decrypt the password, then you should redesign the solution.


Also, the users' passwords are stored in the database using security best practices: they are hashed and not encrypted, so that they cannot be decrypted. So you can't decrypt the user password from the OutSystems built-in users model.

What kind of integration are you using? Is it for the same system, or a different system?


Cheers



Hello Srinivasa

If you are integrating with a different system, you can encrypt and save the password of this system and decrypt it afterwards. But this is strange, because if you have control of this system I think it is better to generate an Access Token for your API and, whenever necessary, reset this Access Token.

Indeed, it would be very unwise to send a password used in the Platform via REST to some external service (especially since Basic Authentication sends the password as plain text (even though the connection itself should be secure and the password is Base64 encoded)).
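
The points made in the replies above, as an added example that is not part of the original thread and is not OutSystems code: a Basic authentication header is reversible Base64, a stored password hash can only be verified, and a separate access token can be reset without touching the login password. The function names, the in-memory token store, the sample credentials and the choice of scrypt and SHA-256 are assumptions made for illustration; the thread does not say which hash the platform uses.

```javascript
// Added example (Node.js). All names and sample values are constructed.
const nodeCrypto = require("node:crypto");

// Basic authentication only Base64-encodes "user:password";
// anyone who sees the header can read the password back.
function basicAuthHeader(user, password) {
  return "Basic " + Buffer.from(`${user}:${password}`, "utf8").toString("base64");
}
function decodeBasicAuth(header) {
  const decoded = Buffer.from(header.replace(/^Basic /, ""), "base64").toString("utf8");
  const i = decoded.indexOf(":"); // split on the first ":"; the password may contain more
  return { user: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// A stored password hash: random salt + scrypt (assumed scheme).
// It can be checked against a candidate password, never decrypted.
function hashPassword(password) {
  const salt = nodeCrypto.randomBytes(16);
  const hash = nodeCrypto.scryptSync(password, salt, 32);
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(":");
  const candidate = nodeCrypto.scryptSync(password, Buffer.from(saltHex, "hex"), 32);
  return nodeCrypto.timingSafeEqual(candidate, Buffer.from(hashHex, "hex"));
}

// Access token for the external API: random, unrelated to the login
// password, and resettable. Only a SHA-256 digest is kept server-side.
const tokenStore = new Map(); // hypothetical store: user -> digest of current token
const digest = (token) => nodeCrypto.createHash("sha256").update(token).digest();
function issueToken(user) {
  const token = nodeCrypto.randomBytes(32).toString("base64url");
  tokenStore.set(user, digest(token)); // overwriting revokes the previous token
  return token;
}
function checkToken(user, token) {
  const stored = tokenStore.get(user);
  return stored !== undefined && nodeCrypto.timingSafeEqual(stored, digest(token));
}
```
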