3373 Posts in 998 Topics by 712 members
|Go to End|
11 October 2013 at 10:57pm
I've got a Dataobject with a function to decrypt and encrypt the entry in the password text field.
This works until i use getCMSFields to generate my Fields (but I need to do It like that).
Now I'm trying it with onBeforeWrite() but without success.
Here's my code http://www.sspaste.com/paste/show/5257c96b0f929
It would be great if someone could help me
thanks in advance
14 October 2013 at 7:08pm
For security reasons its probaly not a great idea to save passwords in thr DB as plain text. In the past I've used a custom getter to decrypt the field in the CMS and just re-encrypt it onbeforewrite, that way the only way someone has access to the data is if they're already logged in to the backend
14 October 2013 at 9:18pm
As zenmonkey said, it's a bad idea to save anything with two-way encryption in the database - avoid it if at all possible.
That said, I've also done this before for a project hosted locally. This is the approach I used: http://pastie.org/8400818. I used two salts - one stored in the database against each record, and one stored in the PHP class (i.e. on the filesystem).
Hope this gives you a few pointers.
15 October 2013 at 6:40am
@ zenmonkey: It's not saved as plain text, there's a encrypten
@kinglozzer: I find a way to do this with a getter/setter Field. But I'm intressted in how to do this with onBeforeWrite.
I'll try your solution as well.
But Can someone tell me how can I or an attacker decrypt this?
The PAssword is stored like this in the DB
15 October 2013 at 6:56am
Here is how I was doing it in SS2.4. The system needed store encrypted data in the database, but still make the un-encrypted values available for admins
Basically I decrypt it into the form, then re-encrypt in onBeforeWrite
16 October 2013 at 9:32pm
i think this should do the trick.
i'll test it
|Go to Top|