You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Ritz123 <ri...@gmail.com> on 2008/06/01 01:23:49 UTC

Re: Garbled credit card numbers? - BUG

Thanks David for fixing it (and so quickly), I will try the latest out and
let you know if there is any issue.



David E Jones wrote:
> 
> 
> Thank you for reporting this and looking into it Ritesh. A fix is  
> committed in SVN rev 662090.
> 
> The testing I did was somewhat minimal, just viewing the entity  
> PaymentMethodAndCreditCard through the WebTools Entity Data  
> Maintenance screens. The credit card number now comes through properly  
> there instead of the encoded String.
> 
> -David
> 
> 
> On May 30, 2008, at 11:56 AM, Ritz123 wrote:
> 
>>
>> The thread you pointed me to mentions they are automatically and
>> transparently decrypted  at runtime and I looked into the code to  
>> confirm,
>> it is indeed getting decrypted at runtime by findBy* methods by  
>> checking  if
>> field.getEncrypt() == true.
>>
>> Also if you want to display the credit card number  back to the user
>> (editcreditcard.ftl does that) in order for them to modify or for  
>> whatever
>> other reasons, one needs decrypted field. Its another story that
>> editcreditcard.ftl and related code replaces all but last 4 digits  
>> with *
>> for security, but the # of digits (chars) returned will depend on  
>> the type
>> of card used. Encrypted chars are longer than the original cc #.
>>
>>
>> BJ Freeman wrote:
>>>
>>> I may be off on this, but my understanding is you can not decode
>>> encrypted fields. you have to encrypt the new data then compare the
>>> encryption data against each other.
>>>
>>> Ritz123 sent the following on 5/30/2008 9:29 AM:
>>>> Thanks BJ for the pointer. I guess from next time onwards, I will  
>>>> search
>>>> the
>>>> dev list too.
>>>>
>>>> But seems like there is a bug or atleast the functionality is not  
>>>> fully
>>>> coded. When you use tables with encrypted fields in view entity -  
>>>> the
>>>> fields
>>>> are NOT decoded. They are decoded only if you do a findBy on that  
>>>> entity
>>>> directly or atleast that is what I am seeing happening at runtime  
>>>> and
>>>> looking at the code.
>>>>
>>>> May be an Ofbiz commiter can confirm.
>>>>
>>>>
>>>> BJ Freeman wrote:
>>>>> did a search through google
>>>>> ofbiz credit card entity encrypt
>>>>> here is a link
>>>>> http://lists.ofbiz.org/pipermail/dev/2004-September/006391.html
>>>>>
>>>>>
>>>>> Ritz123 sent the following on 5/29/2008 5:43 PM:
>>>>>> Hi,
>>>>>>
>>>>>> Does createCreditCard service store Credit Card Number in the
>>>>>> CREDIT_CARD
>>>>>> table as some kind of encoded or garbled text or stores it in  
>>>>>> clear?
>>>>>>
>>>>>> I see the values encoded but looked at the service code and it  
>>>>>> doesnt
>>>>>> seem
>>>>>> like it is encoded.
>>>>>>
>>>>>> Thanks
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>> -- 
>> View this message in context:
>> http://www.nabble.com/Garbled-credit-card-numbers--BUG---tp17549189p17564823.html
>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Garbled-credit-card-numbers--BUG---tp17549189p17580670.html
Sent from the OFBiz - User mailing list archive at Nabble.com.