View Issue Details

IDProjectCategoryView StatusLast Update
0006036OXID eShop (all versions)2.2. Shop settingspublic2016-07-18 10:56
ReporterGhostGambler 
PrioritynormalSeverityfeatureReproducibilityalways
Status acknowledgedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0006036: Config values are stored as encoded, which is simply annoying.
DescriptionThe config values are mostly stored with usage of the MySQL function ENCODE.

I do not see any reason to do so, since the code is practically open source. Anyone can change and modify whatever one wants. But the encoding is totally annoying for anyone doing serious development with your shop software. I am not the only one who is annoyed:
http://felicitus.org/2014/02/26/rants-for-today/
TagsNo tags attached.
ThemeAzure
BrowserAll
PHP Versionany
MySQL Versionany

Activities

QA

2015-02-20 11:39

administrator   ~0010688

Store config data encrypted in the database?

DECODE() and ENCODE() is used with a public known key to store data in the OXCONFIG table. The key is actually the same for each installation and shop version.

Additionally, some contents of the OXCONFIG table are stored as temporary, unencrypted data in the tmp folder anyways.