JUser Plugin and Password Safety

[SoilentRed]

I have a form using the JUser Plugin. This plugin creates Joomla Users. Great!
I have a password field in there. I noticed that this is storing passwords to the database. How can I retroactively encrypt these passwrds in the DB and encrypt them moving forward? Is that possible, or do I need to create a new form. Is it possible to not even store the password and just pass it to Joomla?
Thanks!

 

[troester]

The password element is storing encrypted.
Where are you seeing plain text passwords?

 

[SoilentRed]

In phpMyAdmin.

 

[troester]

In a column belonging to a password element (plugin type = password)?
Which Joomla and Fabrik?

 

[SoilentRed]

In in the Joomla Users DB Table, the password is encrypted. In the database on phpmyadmin for the table created fabrik's list, the passwords are not encrypted. When you look at the list on Joomla, it shows up like this ****************. My goal is to retroactivle encrypt that column and have everything encrypted in it moving forward, of course without messing things up.

 

[troester]

I assume you don't use a password element but a simple field with "input type" = password.

You can set a field element to "Encrypt data" (in Access settings) but I really don't know how this is doing with existing records.
I think there was a thread somewhere about element encryption

 

[SoilentRed]

Do have the input type set to password, yes.

I guess it doesn't matter what happens to the existing record in the fabrik table, as long as it doesn't break the joomla users table. I'll test it out.

 

[cheesegrits]

You should be able to set the element to encrypted. When you save the settings after changing that, Fabrik should attempt to encrypt the entire column. But I suggest you do an Akeeba backup first.

-- hugh