Encrypt/Decrypt passwords Cancel The title field is required!

1. Roger Blanchard

   

   381 posts
   Registered:
   29 Jun 2018
   23 Aug 2019

   Link to this post

   We store passwords for ftp sites, amazons3, etc..encrypted in the database. When assigning these values such as "password1234" in the UI we then need that encrypted and stored in the DB.
   
   I was thinking the best place to do this would be in the BE in ValidateData. We would take the value from the TT and encrypt it before the SaveChanges is called.
   
   Then in ReceiveData we would decrypt it so we would have the clear text for use.
   
   Is this the best place to encrypt/decrypt?
2. Mike Fechner

   

   319 posts
   Registered:
   14 Sep 2016
   Answered

   23 Aug 2019 in reply to Roger Blanchard

   Link to this post

   Hi Roger,
   
   in general your solution would work. However, I would choose different path - given the sensibility of decryptable passwords.
   
   Rather than including the decrypted passwords in every response of the Business Entity I would return them to a caller only in a separate invokable method. The Service Interface could protect that method to give you the extra level of security. 
   
   If security is really a concern however, I would not implement the decryption of the passwords in the Business Entity at all. Whoever (the process that does the FTP) should be able to decrypt themselves. So they'd need to know the password algorithm and salt.
3. Roger Blanchard

   

   381 posts
   Registered:
   29 Jun 2018
   23 Aug 2019 in reply to Mike Fechner

   Link to this post

   Thanks Mike