How Do You Verify Password Encoding for Users and Customers in Hybris Commerce?

Hybris Commerce's default encoding strategy is plain text. Obviously, this encoding strategy is not safe, and must be changed before going live with your Hybris implementation. To verify the encoding strategy has been changed from plain text, you should run the following FlexibleSearch query in HAC or backoffice:

select {uid},{password},{encodedPassword}, {passwordEncoding} from {user} where {passwordEncoding} != 'md5' or {passwordEncoding} != 'sha256' or {passwordEncoding} != 'sha512' or {passwordEncoding} != 'pbkdf2'

Marc Raygoza

Marc is the Founder of
He enjoys helping others learn more about SAP Commerce Cloud (Hybris). Marc is a SAP Commerce Certified Professional and has held the role of SAP Commerce Cloud Architect at Deloitte, PwC, Brillio (a Bain Company), and Nasty Gal. Marc holds an M.S. Software Engineering from Carnegie Mellon University and a B.S. in Accountancy from California State University, Fresno. He can be reached at:

You may also like...

Popular Posts