CiviCRM Community Forums (archive)

This forum was archived on 25 November 2017. Learn more.

Author Topic: Passwords for payment processors not masked  (Read 1862 times)

lentilsoup

Passwords for payment processors not masked
December 03, 2009, 12:58:27 pm
When setting up a new payment processor, (civicrm/admin/paymentProcessor), shouldn't the password be masked (i.e. use <input type="password" /> instead of <input type="text" />)?

I couldn't find any issues filed in the tracker about this -- I'll open one if this is considered a valid concern.

Dave Greenberg

Re: Passwords for payment processors not masked
December 03, 2009, 04:55:14 pm
Since this is an infrequently used admin-only form, AND processor passwords are often quite complex, AND debugging problems based on incorrect password input could potentially be a nightmare - I'm not convinced that this is a good idea.

You might be able to use the smarty plugin crmReplace in your template to change the input type from "text" to "password".

Of course, if we get a lot of folks agreeing that this field SHOULD be masked, I'm open to thinking differently about this :-)
Protect your investment in CiviCRM by becoming a Member!

rchapman

Re: Passwords for payment processors not masked
March 03, 2010, 12:10:36 pm
We plan on using this feature on our site, but now we cannot due to the fact that the API cannot be securely input by our IT group. This would be a useful feature to not have to add plugins to mask a secure number.

jamie

Re: Passwords for payment processors not masked
June 21, 2013, 11:07:57 am
I realize that I'm picking up on an old thread... but we've experienced this problem too.

I don't think masking using the password input type is the right answer, both for the reasons Dave gives and because anyone with the right browser plugin can unmask these passwords.

I think a better option would be to define a privilege called Administer Payment Processors, so we can give people admin access without giving them access to this piece of sensitive data.

What do you think?

xavier

Re: Passwords for payment processors not masked
June 21, 2013, 11:20:47 am
Hi,

I think that storing password in clear is a security issue but that we can't avoid it (for pp that have the dumb idea of requesting a password instead of a token that you can revoke for instance).

As long as it's stored in clear, it's insecure, don't think a different permission is going to genuinely help. On the other hand, homeopathic security doesn't hurt either so if you think it does, might at least stop the most trivial attacks.

X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result

Dave Greenberg

Re: Passwords for payment processors not masked
June 24, 2013, 09:59:23 am
Maybe we can do both - new permission for admin payment processor, and some encryption of the stored value with the site key (the IPN code would need to decrypt before sending to the processor of course). ????
Protect your investment in CiviCRM by becoming a Member!

xavier

Re: Passwords for payment processors not masked
June 24, 2013, 01:55:25 pm
As civi will need to decrypt it, I doubt the key used for the encryption is going to be much of a trouble to find for someone having access to the encrypted key.

Another place where it could as much/as little be useful is for the password of the mail accounts (for inbound or bounce)
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result
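
Added example, not part of any post in this thread and not CiviCRM code: a sketch of the "encrypt the stored value with the site key" idea and of the objection raised to it, showing what a database-only leak yields compared with access to both the database and the key. It assumes PHP with the sodium extension and a high-entropy site key kept in a settings file outside the database; the function names and all values are constructed for illustration.

```php
<?php
// Added illustration; not CiviCRM code. All names and values are constructed.

// Derive a 32-byte secretbox key from the site key. Assumption: the site key
// is a long random string stored on disk, not in the database.
function derive_key(string $siteKey): string {
    return sodium_crypto_generichash($siteKey, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
}

// Encrypt before the value is written to the payment processor row.
function seal_password(string $plain, string $siteKey): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, derive_key($siteKey)));
}

// Decrypt just before the value is sent to the processor.
// Returns null when the key is wrong or the stored value was modified.
function open_password(string $stored, string $siteKey): ?string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, derive_key($siteKey));
    return $plain === false ? null : $plain;
}

$siteKey = 'constructed-site-key-for-demo';
$column  = seal_password('constructed-processor-password', $siteKey);

// Scenario 1: only the database column is exposed (for example a leaked SQL
// dump or backup). Without the site key the value does not decrypt.
var_dump(open_password($column, 'key-the-reader-does-not-have'));

// Scenario 2: the database and the settings file are both readable, which is
// the position the application itself is in. The password is recovered, so
// encryption adds nothing against someone with that level of access.
var_dump(open_password($column, $siteKey));

// Scenario 3: the stored value was altered in the database. Authenticated
// encryption rejects it instead of returning garbage to the processor.
$tampered = base64_encode(strrev(base64_decode($column)));
var_dump(open_password($tampered, $siteKey));
```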


This forum was archived on 2017-11-26.