Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Data Model Questions /

onBeforeWrite to decrypt a textfield entry (Problem)


Reply


6 Posts   447 Views

Avatar
cSGermany

Community Member, 37 Posts

11 October 2013 at 10:57pm

Hi there,

I've got a Dataobject with a function to decrypt and encrypt the entry in the password text field.
This works until i use getCMSFields to generate my Fields (but I need to do It like that).

Now I'm trying it with onBeforeWrite() but without success.
Here's my code http://www.sspaste.com/paste/show/5257c96b0f929

It would be great if someone could help me

thanks in advance

cSGermany

Avatar
zenmonkey

Community Member, 532 Posts

14 October 2013 at 7:08pm

For security reasons its probaly not a great idea to save passwords in thr DB as plain text. In the past I've used a custom getter to decrypt the field in the CMS and just re-encrypt it onbeforewrite, that way the only way someone has access to the data is if they're already logged in to the backend

Avatar
kinglozzer

Community Member, 171 Posts

14 October 2013 at 9:18pm

As zenmonkey said, it's a bad idea to save anything with two-way encryption in the database - avoid it if at all possible.

That said, I've also done this before for a project hosted locally. This is the approach I used: http://pastie.org/8400818. I used two salts - one stored in the database against each record, and one stored in the PHP class (i.e. on the filesystem).

Hope this gives you a few pointers.

Avatar
cSGermany

Community Member, 37 Posts

15 October 2013 at 6:40am

@ zenmonkey: It's not saved as plain text, there's a encrypten
@kinglozzer: I find a way to do this with a getter/setter Field. But I'm intressted in how to do this with onBeforeWrite.
I'll try your solution as well.

But Can someone tell me how can I or an attacker decrypt this?

5LuFlpNpG95oFlC3Ycv+/NQHunFEILhSz/d/lhcVGnw=


The PAssword is stored like this in the DB

Avatar
zenmonkey

Community Member, 532 Posts

15 October 2013 at 6:56am

Here is how I was doing it in SS2.4. The system needed store encrypted data in the database, but still make the un-encrypted values available for admins

http://www.sspaste.com/paste/show/525c2e55f1cdf

Basically I decrypt it into the form, then re-encrypt in onBeforeWrite

Avatar
cSGermany

Community Member, 37 Posts

16 October 2013 at 9:32pm

thx,
i think this should do the trick.

i'll test it