#104 Password encryption uses base-64 encoding

open
nobody
None
5
2011-06-03
2011-06-03
Anonymous
No

org/efs/openreports/util/EncryptedStringUserType.java is responsible for encryption of the account passwords in the database, but it uses org.apache.commons.codec.net.BCodec, which is a base-64 encoding library. This means that even when you enable this feature, no actual encryption is performed.

It would be better if real password encryption happened, but it would be best if the administrator could set a custom salt and the password was stored with a SHA-256 or better hash.
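The two points of the report side by side, as an added example that is not OpenReports code and is written in Python rather than the project's Java: the first pair of functions shows that a base-64 "encrypted" value is recovered with no key at all, which is why the feature gives no protection against anyone who can read the database column; the second pair shows the salted, hashed storage the reporter asks for, using PBKDF2-HMAC-SHA256 (iterated SHA-256 with a per-user random salt) and a constant-time comparison on verification. The `pbkdf2_sha256$iterations$salt$hash` record layout and the iteration count are assumptions chosen for this example, not anything the project defines.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# --- What the ticket describes: base-64 encoding presented as "encryption" ---

def encode_like_bcodec(password: str) -> str:
    """Base-64 encode a password. The result looks scrambled but is fully reversible."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def recover_from_base64(stored: str) -> str:
    """Undo the encoding. No secret is involved, so reading the column reveals the password."""
    return base64.b64decode(stored).decode("utf-8")


# --- The hardened form the reporter asks for: salted, iterated SHA-256 ---

# Assumed work factor for this example (higher is slower for an attacker and for login).
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme, iteration count, hex salt, hex derived key.

    The salt is 16 random bytes per password, so identical passwords produce
    different records and a precomputed table is useless against the whole database.
    """
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), derived.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, derived_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: refuse rather than guess
    if scheme != "pbkdf2_sha256" or iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest avoids leaking how many leading bytes matched through timing.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample password, not from the page.
    sample = "s3cret"
    encoded = encode_like_bcodec(sample)
    print("base-64 'encrypted':", encoded, "-> recovered:", recover_from_base64(encoded))
    record = hash_password(sample)
    print("hashed record:", record)
    print("verify correct:", verify_password(sample, record))
    print("verify wrong:  ", verify_password("guess", record))
```

Note that the hashed record cannot be turned back into the password; a login check only ever recomputes the derivation and compares. That is the practical difference between the reporter's two requests: "real encryption" still keeps the password recoverable by whoever holds the key, whereas the salted hash keeps nothing recoverable at all.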
