It's a two-way encryption (for obvious reasons), I'm pretty sure the numbers remain encrypted when viewed through webtools but are purposely decrypted when exporting the table to facilitate database migrations and the like.
Regards Scott HotWax Media http://www.hotwaxmedia.com On 29/01/2011, at 3:36 AM, Stephen Rufle wrote: > I created Credit Card entries using OfBiz 10.04. In the Web Tools and when I > export to XML I can see the credit card number I entered in plain text. I > expected that they would show up like UserLogin.currentPassword. I am > currently using test card numbers. Is it possible there is a property file > setting I am missing? Otherwise it looks like if a malicious user was able to > get access to the "Web Tools" application they could steal credit card > numbers. > > I checked the credit_card database table using a sql tool and the values do > look encrypted in some way, but unlike the user_login table it does not have > an SHA prefix "{SHA}[long string of digits]"
smime.p7s
Description: S/MIME cryptographic signature
