I created Credit Card entries using OfBiz 10.04. In the Web Tools and when I export to XML I can see the credit card number I entered in plain text. I expected that they would show up like UserLogin.currentPassword. I am currently using test card numbers. Is it possible there is a property file setting I am missing? Otherwise it looks like if a malicious user was able to get access to the "Web Tools" application they could steal credit card numbers.

I checked the credit_card database table using a sql tool and the values do look encrypted in some way, but unlike the user_login table it does not have an SHA prefix "{SHA}[long string of digits]"

Reply via email to