It seems that the "AttributePassword" field type allows us to create password field. However, I noticed that the value is not encrypted in the database. On the other hand, "AttributeEncryptedString" type will encrypt the value in DB and auto decrypt value in the UI (i.e. display as plaintext in the UI).
Is there any way to combine the functionality of these 2 field types (i.e. display in UI as password field and data value is encrypted in DB)? An alternative that I could think of is by setting the field as AttributeEncryptedString then include custom JS file on each page to turn the text field into password field. Is there a better alternative?
Thank you in advance.
Kind regards,
Ray
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm using iTop v2.4 and I'm trying to create a custom password field for a class (not related to user). I was looking on a way to implement this using XML extension and took a look at how the "Mail to ticket automation" extension handle password and come across a field called <field id="password" xsi:type="AttributePassword"> in combodo-mail-to-ticket-automation/combodo-email-synchro/datamodel.combodo-email-synchro.xml.
I was trying to use this field type ("AttributePassword") for my custom password field, however, it seems that the value is not encrypted in the database (I believe you could check table name mailinbox_base with column password).
That said is it possible to use <field id="password" xsi:type="AttributeOneWayPassword"> to achieve the above functionality (i.e. display in UI as password field and data value is encrypted in DB)?
Thank you in advance and I look forward to hearing from you.
Kind regards,
Ray
Last edit: ray 2021-01-26
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
It seems that the "AttributePassword" field type allows us to create password field. However, I noticed that the value is not encrypted in the database. On the other hand, "AttributeEncryptedString" type will encrypt the value in DB and auto decrypt value in the UI (i.e. display as plaintext in the UI).
Is there any way to combine the functionality of these 2 field types (i.e. display in UI as password field and data value is encrypted in DB)? An alternative that I could think of is by setting the field as AttributeEncryptedString then include custom JS file on each page to turn the text field into password field. Is there a better alternative?
Thank you in advance.
Kind regards,
Ray
Hello,
By default local users passwords (that means the UserLocal.password field) are encrypted, as this field is an AttributeOneWayPassword.
This was made a long time ago... What iTop version are you running ?
In which table field did you saw such unencrypted password ?
Hello Pierre,
Thank you very much for the help!
I'm using iTop v2.4 and I'm trying to create a custom password field for a class (not related to user). I was looking on a way to implement this using XML extension and took a look at how the "Mail to ticket automation" extension handle password and come across a field called
<field id="password" xsi:type="AttributePassword">incombodo-mail-to-ticket-automation/combodo-email-synchro/datamodel.combodo-email-synchro.xml.I was trying to use this field type ("AttributePassword") for my custom password field, however, it seems that the value is not encrypted in the database (I believe you could check table name
mailinbox_basewith columnpassword).That said is it possible to use
<field id="password" xsi:type="AttributeOneWayPassword">to achieve the above functionality (i.e. display in UI as password field and data value is encrypted in DB)?Thank you in advance and I look forward to hearing from you.
Kind regards,
Ray
Last edit: ray 2021-01-26