Changing the Hash Algorithm

Changing the Hash Algorithm
ActiveGrid supports user authentication against database and LDAP. By default, ActiveGrid uses the MD5 hash algorithm used for authentication is. This appendix explains how to configure ActiveGrid to use any hash algorithm. This appendix contains the following sections:
About User Authentication
If you select the Is Password Encrypted? check box in the SignOn Wizard (“Adding a SignOn Page” on page 79), then ActiveGrid expects passwords in database to be encrypted with the hash algorithm. The authentication logic hashes the user-entered password before doing a comparison. By default, the hash algorithm is MD5. The following section, “Using a Different Hash Algorithm”, explains how to use any custom algorithm instead.
Using a Different Hash Algorithm
MD5 is the default password hash algorithm, but you can alternatively custom-define your own one-way hash algorithm.
To do this, you make use of the hashPassword() operation in the ActiveGrid Security Service. The hashPassword() operation takes a password string and returns a hashed password.
To override the default hash implementation, follow these steps:
1.
For example, in Python:
import activegrid.server.security as security
class MyPlugin(security.DBSecurityPlugin):
def hashPassword(self, password):
# your own hash algorithm logic goes here
return password
In PHP:
<?php
require_once 'activegrid/server/security.php';
 
class MyPlugin extends ag_DBSecurityPlugin {
public function hashPassword($password) {
# your own hash algorithm logic goes here
return $password;
}
}
?>
2.
For example, Python:
Class Name: my.MyPlugin
In PHP:
Code Filename: my.php
Class Name: MyPlugin
Other Uses for the hashPassword() Operation
You can use the hashPassword() operation anywhere in your application. For example, you could add an invoke hashPassword() operation to your “insert user” BPEL logic. Then you can hash the input password before storing it into the database.

ActiveGrid
Application Developer's Guide
Version 2.0