How Do You Verify Password Encoding for Users and Customers in Hybris Commerce?

Hybris Commerce's default encoding strategy is plain text. Obviously, this encoding strategy is not safe, and must be changed before going live with your Hybris implementation. To verify the encoding strategy has been changed from plain text, you should run the following FlexibleSearch query in HAC or backoffice:

select {uid},{password},{encodedPassword}, {passwordEncoding} from {user} where {passwordEncoding} != 'md5' or {passwordEncoding} != 'sha256' or {passwordEncoding} != 'sha512' or {passwordEncoding} != 'pbkdf2'

Marc Raygoza

Marc is the Founder of
He enjoys helping others learn more about SAP Hybris Commerce. Marc is a SAP Commerce Certified Professional and has held the role of Hybris Architect at Deloitte, PWC, Exemplis and Nasty Gal. He is a long-time Java/Spring developer. Marc holds an M.S. Software Engineering from Carnegie Mellon University and a B.S. in Accountancy from California State University, Fresno. He can be reached at:

You may also like...

Popular Posts

Leave a Reply

Your email address will not be published. Required fields are marked *