Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Data Model Questions

onBeforeWrite to decrypt a textfield entry (Problem)


6 Posts   404 Views


11 October 2013 at 10:57pm Community Member, 37 Posts

Hi there,

I've got a Dataobject with a function to decrypt and encrypt the entry in the password text field.
This works until i use getCMSFields to generate my Fields (but I need to do It like that).

Now I'm trying it with onBeforeWrite() but without success.
Here's my code

It would be great if someone could help me

thanks in advance



14 October 2013 at 7:08pm Community Member, 528 Posts

For security reasons its probaly not a great idea to save passwords in thr DB as plain text. In the past I've used a custom getter to decrypt the field in the CMS and just re-encrypt it onbeforewrite, that way the only way someone has access to the data is if they're already logged in to the backend


14 October 2013 at 9:18pm Community Member, 148 Posts

As zenmonkey said, it's a bad idea to save anything with two-way encryption in the database - avoid it if at all possible.

That said, I've also done this before for a project hosted locally. This is the approach I used: I used two salts - one stored in the database against each record, and one stored in the PHP class (i.e. on the filesystem).

Hope this gives you a few pointers.


15 October 2013 at 6:40am Community Member, 37 Posts

@ zenmonkey: It's not saved as plain text, there's a encrypten
@kinglozzer: I find a way to do this with a getter/setter Field. But I'm intressted in how to do this with onBeforeWrite.
I'll try your solution as well.

But Can someone tell me how can I or an attacker decrypt this?


The PAssword is stored like this in the DB


15 October 2013 at 6:56am Community Member, 528 Posts

Here is how I was doing it in SS2.4. The system needed store encrypted data in the database, but still make the un-encrypted values available for admins

Basically I decrypt it into the form, then re-encrypt in onBeforeWrite


16 October 2013 at 9:32pm Community Member, 37 Posts

i think this should do the trick.

i'll test it