14 October 2013 at 7:08pm
For security reasons its probaly not a great idea to save passwords in thr DB as plain text. In the past I've used a custom getter to decrypt the field in the CMS and just re-encrypt it onbeforewrite, that way the only way someone has access to the data is if they're already logged in to the backend
14 October 2013 at 9:18pm
As zenmonkey said, it's a bad idea to save anything with two-way encryption in the database - avoid it if at all possible.
That said, I've also done this before for a project hosted locally. This is the approach I used: http://pastie.org/8400818. I used two salts - one stored in the database against each record, and one stored in the PHP class (i.e. on the filesystem).
15 October 2013 at 6:40am
@ zenmonkey: It's not saved as plain text, there's a encrypten
@kinglozzer: I find a way to do this with a getter/setter Field. But I'm intressted in how to do this with onBeforeWrite.
I'll try your solution as well.
But Can someone tell me how can I or an attacker decrypt this?