-
New Commercial Services Section
We have now opened a commercial services section here on the forum for registered users. If you have a Fabrik project that you wish to have someone work on for you, post it under Help Wanted. If you are an application developer and wish to earn some money helping others, post your details under Fabrik Application Developers.
Both of these are unmoderated. It will be up to both parties to work out the details and come to an agreement.
-
Joomla 5.1
For running J!5.1 you must https://fabrikar.com/forums/index.php?wiki/update-from-github/ or include the new file manually https://fabrikar.com/forums/index.php?threads/joomla-5-1-and-fabrik-cannot-find-files-error.54473/post-285151 See also Announcements
Encrypt Fabrik Connection Password
- Thread starter hvarun
- Start date
cheesegrits
Support Gopher
Interesting you should ask that, I was actually in the middle of working on some changes to it, to use a more secure crypto method.
When you say "storing it manually", do you mean outside of J! entirely?
We currently do this:
... prior to storing the #__fabrik_connections data.
The FabrikWorker::getCrypt() does this:
... which is obviously suboptimal, as it stores using the (very!) deprecated and insecure JCryptCipherSimple. Although if someone is reading your #__fabrik_connections table, you probably already have bigger problems to worry about.
So anyway, as long as you are within J!, you can use the code form that helper function to encrypt your password such that we can then decrypt it. If you are running in a Fabrik context, you could use that helper function directly.
If you are outside of J!, you'd have to emulate the JCrypt / JCryptCipherSimple encoding, using the 'secret' from your J! configuration.php.
-- hugh
When you say "storing it manually", do you mean outside of J! entirely?
We currently do this:
Code:
$crypt = FabrikWorker::getCrypt();
$data['password'] = $crypt->encrypt($data['password']);... prior to storing the #__fabrik_connections data.
The FabrikWorker::getCrypt() does this:
Code:
public static function getCrypt()
{
jimport('joomla.crypt.crypt');
jimport('joomla.crypt.key');
$config = JFactory::getConfig();
$secret = $config->get('secret', '');
if (trim($secret) == '')
{
throw new RuntimeException('You must supply a secret code in your Joomla configuration.php file');
}
$key = new JCryptKey('simple', $secret, $secret);
$crypt = new JCrypt(new JCryptCipherSimple, $key);
return $crypt;
}... which is obviously suboptimal, as it stores using the (very!) deprecated and insecure JCryptCipherSimple. Although if someone is reading your #__fabrik_connections table, you probably already have bigger problems to worry about.
So anyway, as long as you are within J!, you can use the code form that helper function to encrypt your password such that we can then decrypt it. If you are running in a Fabrik context, you could use that helper function directly.
If you are outside of J!, you'd have to emulate the JCrypt / JCryptCipherSimple encoding, using the 'secret' from your J! configuration.php.
-- hugh