Encrypting users passwords

9 posts by 5 authors in: Forums > CMS Builder
Last Post: February 14, 2011   (RSS)

By Twocans - January 30, 2011

Hello,
I have just started to play with the cms for the virst time, all seems to be working and I am having fun.

But, I have created some user accounts as I am the admin. When I then use navicat to view my database I see that the passwords for both users and admin are not encryped, this is sometime I feel is very important. Is there something in the control panel that I can check that will make all passwords entered and saved encryped.


cheers

k

Re: [twocans] Encrypting users passwords

By Jason - January 31, 2011

Hi,

Currently CMS Builder doesn't support encrypting passwords in the database. This is something we're considering implementing in the future.

There is a trade off between security and usability. For example, if a user forgets their password, we have functionality that can send them a reminder of what their password is. If we encrypt the password, we would have to have them reset it.

That being said, CMS Builder is still a very secure piece of software. We've never had a customer have their server hacked as a result of our software.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Encrypting users passwords

By Twocans - February 1, 2011

Hello,
Thanks for your reply

re CMS Builder is still a very secure piece of software. We've never had a customer have their server hacked as a result of our software."

That is great to know. But I am just looking at things from my side, I usually use Navicat for my database, what if someone got access to that then got to the database and played silly buggers with the passwords etc.

I do think it is very important to have the encrypted passwords and would very much like to see it implemented in the future, even as a plugin which also offered captcha.

k

Re: [twocans] Encrypting users passwords

By pod9 - February 10, 2011

hi, my customer has just raised this same concern re passwords not being encrypted. is there any way to encrypt passwords at all?
Pod9

Re: [pod9] Encrypting users passwords

It would be great if something like this was added to all passwords entered both in the cms and the membership plugin.

http://pajhome.org.uk/crypt/md5/


kenny

Re: [twocans] Encrypting users passwords

Here I attach a page that encryots the password. To test it out you just need to put the testlogin.php and the testmd5 dir at root level and test the apge testlogin.asp

I am now trying to figure how I can add the md5 to the apsswords been inserted using the cms


k
Attachments:

testlogin-with-md5.zip 14K

Re: [twocans] Encrypting users passwords

By ross - February 10, 2011

Hi twocans

Thanks for posting the example. There is actually quite a bit of work that goes into updating CMS Builder to work with encrypted passwords so it's something we would end up working with you on through our consulting service (consulting@interactivetools.com). Drop me a line through that and we can go over the options.

Thanks!
-----------------------------------------------------------
Cheers,
Ross Fairbairn - Consulting
consulting@interactivetools.com

Hire me! Save time by getting our experts to help with your project.
Template changes, advanced features, full integration, whatever you
need. Whether you need one hour or fifty, get it done fast with
Priority Consulting: http://www.interactivetools.com/consulting/

Re: [ross] Encrypting users passwords

Ross thanks for the reply,

All in all I have create websites in asp over the last few years, I use to and still do use a few dreamweaver extensions that do a great job of inserting/ updating/ deleting content etc also a few extensions that offer login features along with encrypted passwords etc. I did have a poke at your cms a few times in the demo, I see it was a way to move over to php. I could go back to re purchasing all my dreamweaver extensions in php but I wanted to really have a good play at what you guys have before making a final decision.

Any way I do find most of my customers would require encrypted passwords, also for the website membership plug-in I and what customers I find feel this is a very important feature. I would like to work with your products in the future, but you mention it is a lot of work to update the cms to do this. I feel it is not in my interest to pay for such a thing so I will have to make my decision in the near future do I find a product else where. I was thinking if you guys were doing some updates that would mean we would have extra features in the next 6 months then I would hang around and wait.

any way, I do like your cms, but it is these few details that really make a difference.

cheers

Kenny