I checked the credit_card database table using a sql tool and the values do look encrypted in some way, but unlike the user_login table it does not have an SHA prefix "{SHA}[long string of digits]"
I created Credit Card entries using OfBiz 10.04. In the Web Tools and
when I export to XML I can see the credit card number I entered in plain
text. I expected that they would show up like UserLogin.currentPassword.
I am currently using test card numbers. Is it possible there is a
property file setting I am missing? Otherwise it looks like if a
malicious user was able to get access to the "Web Tools" application
they could steal credit card numbers.
- CreditCard Entity XML export Stephen Rufle
- Re: CreditCard Entity XML export BJ Freeman
- Re: CreditCard Entity XML export Scott Gray
- Re: CreditCard Entity XML export Stephen Rufle
- Re: CreditCard Entity XML export Scott Gray
