-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encryption of passwords #11
Comments
OK, after some more investigation I think that implementation would not be that hard. There are 2 things to do in order to encrypt passwords:
There are some more questions I have in mind:
|
After more investigation I created 3 pull requests:
In general, I found a low level way encrypt password fields using php_processing hook in Core\Password.class. @benkeen, it would be awesome if you could review the changes. Thanks! |
i would love to see password encryption added to the module. Also a fix for multiple submissions with the same username and password. I think it should detect the same username and password and update the record rather than creating a new one that can no longer be viewed or edited. @kubajal could you fork the module and develop it a bit more? |
I just ran into the same issues:
|
I'm sorry for late response, I haven't visited this thread for a very long time. At the moment I do not have time to take a look into this issue again. |
Thank you and no problem. It was just feedback. |
Hello,
to begin with, Submission Accounts is a very useful module that I want to use in order to register editable submissions in my NGO organization. The problem I am facing is that according to https://docs.formtools.org/userdoc/field_types/ft_passwords/ fields of type "Password" are stored as plain text. It is possible to see their unencrypted value in the database, which imho discourages the usage of Submission Accounts.
Is there any extension to Form Tools that encrypts password fields?
If not, how would such an extension look like? Any tips would be welcome because I have only very basic knowledge of PHP. I assume that the prefered way to implement such a functionality is to use Submission Pre-Parser. There we can extract the password field from the POST request, use some kind of hashing to encrypt it and then save the result to the database, am I right?
Thanks in advance.
The text was updated successfully, but these errors were encountered: