Hi there,

I've got a Dataobject with a function to decrypt and encrypt the entry in the password text field.
This works until i use getCMSFields to generate my Fields (but I need to do It like that).

Now I'm trying it with onBeforeWrite() but without success.
Here's my code http://www.sspaste.com/paste/show/5257c96b0f929

It would be great if someone could help me

thanks in advance

cSGermany

For security reasons its probaly not a great idea to save passwords in thr DB as plain text. In the past I've used a custom getter to decrypt the field in the CMS and just re-encrypt it onbeforewrite, that way the only way someone has access to the data is if they're already logged in to the backend

As zenmonkey said, it's a bad idea to save anything with two-way encryption in the database - avoid it if at all possible.

That said, I've also done this before for a project hosted locally. This is the approach I used: http://pastie.org/8400818. I used two salts - one stored in the database against each record, and one stored in the PHP class (i.e. on the filesystem).

Hope this gives you a few pointers.

@ zenmonkey: It's not saved as plain text, there's a encrypten
@kinglozzer: I find a way to do this with a getter/setter Field. But I'm intressted in how to do this with onBeforeWrite.
I'll try your solution as well.

But Can someone tell me how can I or an attacker decrypt this?

5LuFlpNpG95oFlC3Ycv+/NQHunFEILhSz/d/lhcVGnw=

Here is how I was doing it in SS2.4. The system needed store encrypted data in the database, but still make the un-encrypted values available for admins

http://www.sspaste.com/paste/show/525c2e55f1cdf

Basically I decrypt it into the form, then re-encrypt in onBeforeWrite

thx,
i think this should do the trick.

i'll test it