how were the CC entered?
=========================
BJ Freeman
Strategic Power Office with Supplier Automation
<http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist
Chat Y! messenger: bjfr33man
Stephen Rufle sent the following on 1/28/2011 6:36 AM:
I created Credit Card entries using OfBiz 10.04. In the Web Tools and
when I export to XML I can see the credit card number I entered in plain
text. I expected that they would show up like UserLogin.currentPassword.
I am currently using test card numbers. Is it possible there is a
property file setting I am missing? Otherwise it looks like if a
malicious user was able to get access to the "Web Tools" application
they could steal credit card numbers.
I checked the credit_card database table using a sql tool and the values
do look encrypted in some way, but unlike the user_login table it does
not have an SHA prefix "{SHA}[long string of digits]"
