Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Custom Magento admin config password encryption

I need the password for an sftp server as a config field for a Magento module I'm working on. Adding the field is straightforward enough, but Magento doesn't actually encrypt the value just because it has a frontend_type of password.

<sftp_password translate="label">
    <label>SFTP Password</label>
    <frontend_type>password</frontend_type>
    <sort_order>170</sort_order>
    <show_in_default>1</show_in_default>
    <show_in_website>1</show_in_website>
    <show_in_store>1</show_in_store>
</sftp_password>

I haven't been able to find documentation on how to properly encrypt this value. How can I ensure the password gets encrypted when it's stored in the database?

like image 523
kojiro Avatar asked Nov 29 '12 15:11

kojiro


1 Answers

<sftp_password translate="label">
      <label>SFTP Password</label>
       <frontend_type>obscure</frontend_type>
      <backend_model>adminhtml/system_config_backend_encrypted</backend_model>
      <sort_order>10</sort_order>
      <show_in_default>1</show_in_default>
      <show_in_website>1</show_in_website>
      <show_in_store>0</show_in_store>
</sftp_password>

// assuming that getConfigData return Mage::getStoreConfig($path, $storeId);
$this->getConfigData('sftp_password'); 

frontend_type : Password v.s Obscure

Obscure extend password, but for security reasons it replace the length of the actual password number of '*'s with 6 '*'s so you can't tell the length of the password

See /lib/Varien/Data/Form/Element/

Read more @ XML for Admin Configurations

like image 118
Renon Stewart Avatar answered Oct 18 '22 19:10

Renon Stewart