On 05/31/2012 01:23 PM, Perry Peeters wrote: > Yes, I did mean the pdf password > This is how the xml file I'm using to test looks like: > > <djigzo> > <user> > <email>[email protected]</email> > > <property><name>user.password</name><value>zeergeheim</value><encrypted>true</encrypted></property> > </user> > </djigzo> > > Logging into the Djigzo portal as admin I see the password of the user as > "zeergeheim", > not encrypted. > Isn't the Password field under Password the pdf password ? > If so, why is it not encrypted ?
Ah oke I now understand what you mean. The PDF password is stored encrypted on the database (it is encrypted with the system password). When it is retrieved it is however decrypted. The reason why the PDF password must be stored "plain text" (note the quotes) is that in order to encrypt the PDF, access to the password is required. It cannot be a hashed password since the PDF must be encrypted with the real password. If you want improved security you should use the OTP mode. Kind regards, Martijn Brinkers > Re: [Djigzo users] Djigzo CLI tool - importing XML file > > I assume you mean the PDF password. If you download the example xml file > (www.djigzo.com/downloads/djigzo-import.xml) it shows you how to make > sure that the password is encrypted. If the encrypted property is set to > true, the property value will be encrypted when set. > > the PDF password with value "test1" will be stored encrypted because the > encrypted property is true: > > <property> > <name>user.password</name> > <value>test1</value> > <encrypted>true</encrypted> > </property> > > Note: you can (and should) only encrypt properties which should be > stored encrypted. > > Kind regards, > > Martijn Brinkers > -- DJIGZO email encryption _______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
