Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » Encrypted Fields

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1 2
Go to End
Author Topic: 2849 Views
  • Blackdog
    Avatar
    Community Member
    156 Posts

    Re: Encrypted Fields Link to this post

    Simon,

    you are right.

    Ok so I have gone ahead and used a Xor encryption method which works fine.

    My problem now is trying to pinpoint when and how to decrypt it for display to the admin. Basically on a member signup a field is encrypted and it needs to be visible to the admin only.

    For example when I push the field through to a the member detail popup how am I able to access that info before it is displayed?

    eg. $fields->push(new TextField("PromoCode", "Promo Code"));

    How would I decrypt PromoCode if it was encrypted?

    thanks, hope you can help.

  • Sam
    Avatar
    Administrator
    679 Posts

    Re: Encrypted Fields Link to this post

    I suggest that you define a function on your data object

    function getDecryptedPromoCode() {
    if(Permission::check("ADMIN")) return decryptsomehow($this->PromoCode);
    else return "(secret)";
    }

    A function that starts with "get" can be used as a getter; this means that $obj->DecryptedPromoCode will return the decrypted value.

    This means that you can create a form with a field, DecryptedPromoCode, and it will show you the decrypted promo code. The permission check will mean that if you mistakenly show this field to an admin that it won't be a security hole. This is important: security should be implemented in the DataObject layer, and not in the controller/form layer.

    If you want to update the field, you will need to define setDecryptedPromoCode() as well.

    You might do away with the onBeforeWrite() altogether, and instead do this encryption in setDecryptedPromoCode().

  • Blackdog
    Avatar
    Community Member
    156 Posts

    Re: Encrypted Fields Link to this post

    Thanks Sam I will give that a hit.

  • Blackdog
    Avatar
    Community Member
    156 Posts

    Re: Encrypted Fields Link to this post

    ok I am racking my brains on this.

    I am extending the Memeber Data Object from what I have learnt from the Forum mod.

    So do I need to use the getDecryptedPromoCode() function within the Member DataObject of in a new Data Object which references that?

    I keep getting Fatal error: Call to undefined function notices when I try to use getDecrypt.....

    I am happy to pay someone to tell me... i am pulling hair out!

  • Blackdog
    Avatar
    Community Member
    156 Posts

    Re: Encrypted Fields Link to this post

    ok I slept on it, then got up followed through what you said with a clear head and it worked first time.

    thanks Sam, I owe ya one.

    EDIT

    For anyone following this up here is something that tripped me up.

    function getDecryptedPromoCode() {
    if(Permission::check("ADMIN")) return decryptsomehow($this->owner->PromoCode);
    else return "(secret)";
    }

    I missed "owner" in my calls and wondered why it was throwing errors. Once that was resolved it was all smooth sailing.

    2849 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.