Encrypt/Decrypt passwords
 
Forums / SmartComponent Library - Developer Forum / Encrypt/Decrypt passwords

Encrypt/Decrypt passwords

3 posts, 1 answered
  1. Roger Blanchard
    Roger Blanchard avatar
    413 posts
    Registered:
    29 Jun 2018
    23 Aug 2019
    Link to this post
    We store passwords for ftp sites, amazons3, etc..encrypted in the database. When assigning these values such as "password1234" in the UI we then need that encrypted and stored in the DB.

    I was thinking the best place to do this would be in the BE in ValidateData. We would take the value from the TT and encrypt it before the SaveChanges is called.

    Then in ReceiveData we would decrypt it so we would have the clear text for use.

    Is this the best place to encrypt/decrypt?
  2. Mike Fechner
    Mike Fechner avatar
    342 posts
    Registered:
    14 Sep 2016
    Answered
    23 Aug 2019 in reply to Roger Blanchard
    Link to this post
    Hi Roger,

    in general your solution would work. However, I would choose different path - given the sensibility of decryptable passwords.

    Rather than including the decrypted passwords in every response of the Business Entity I would return them to a caller only in a separate invokable method. The Service Interface could protect that method to give you the extra level of security. 

    If security is really a concern however, I would not implement the decryption of the passwords in the Business Entity at all. Whoever (the process that does the FTP) should be able to decrypt themselves. So they'd need to know the password algorithm and salt.
  3. Roger Blanchard
    Roger Blanchard avatar
    413 posts
    Registered:
    29 Jun 2018
    23 Aug 2019 in reply to Mike Fechner
    Link to this post
    Thanks Mike
3 posts, 1 answered