One way encryption

alizaman
ServiceNow Employee
ServiceNow Employee

‎03-28-2017 05:53 AM

How one way encryption works in the system.

I have set the password field to one way encryption, but could still decrypt it back to plain text.

Using the GlideEncrypter();

Encrypt var kryp = new GlideEncrypter();

var krypPas = kryp.encrypt(user_password);

gr.u_password_array = krypPas; // save password to one-way password field on table

OR

There is a Pwd Change - Local ServiceNow workflow which uses another method which stores password in the user table, where password cannot be decrypted back to plain text.

But what if I want to save passwords in another table/field other than user table, so very little information on user.authenticate method is available for it to be used somewhere else.

var enc = new GlideEncrypter();

var decryptedOldPassword = '' + enc.decrypt(workflow.inputs.u_old_password);

var authed = user.authenticate(userName, decryptedOldPassword);

Thanks

Ali

Labels:
0 Helpfuls
  • 3,388 Views
15 REPLIES 15

Mikkel Alimoot1
Kilo Contributor
In response to Gaetano De Mitr

‎10-24-2017 04:36 AM

Hi Gaetano Di Mitri



If I am not mistaken you can do nothing to decrypt and read a users current password.
I guess the best way of creating and maintaining sufficient password security is by using 3rd part services as SSO or LDAP.



Mikkel


0 Helpfuls