fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG 6948 Database connection credentials are stored in plain text

Browse Source 
This issue was fixed, added a way to encryp the passwords
This commit is contained in:
Carlos Pacha
2011-06-10 16:07:53 -04:00
parent 14b44b3efd
commit 4fa0269696
3 changed files with 65 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
workflow/engine/classes/class.dbConnections.php
View File

@@ -395,5 +395,57 @@ class dbConnections
} }
return $aRet; return $aRet;
} }
} /**
* Function encryptThepassw
* @author krlos Pacha C. <carlos@colosa.com>
* @access public
* @param string proUid
* @return void
*/
public function encryptThepassw($proUid){
$oDBSource = new DbSource();
$c = new Criteria();
$c->clearSelectColumns();
$c->addSelectColumn(DbSourcePeer::DBS_UID);
$c->addSelectColumn(DbSourcePeer::DBS_DATABASE_NAME);
$c->addSelectColumn(DbSourcePeer::DBS_PASSWORD);
$c->add(DbSourcePeer::PRO_UID, $proUid);
$result = DbSourcePeer::doSelectRS($c);
$result->next();
$row = $result->getRow();
while ($row = $result->getRow()) {
if($row[2]!=''){
$aPass = explode('_', $row[2]);
if(count($aPass)==1) {
$passEncrypt = G::encrypt($row[2], $row[1]);
$passEncrypt.="_2NnV3ujj3w";
$c2 = new Criteria('workflow');
$c2->add(DbSourcePeer::DBS_PASSWORD, $passEncrypt);
$c3 = new Criteria('workflow');
$c3->add(DbSourcePeer::DBS_UID, $row[0]);
BasePeer::doUpdate($c3, $c2, Propel::getConnection('workflow'));
}
}
$result->next();
}
return 1;
}
/**
* Function getPassWithoutEncrypt
* @author krlos Pacha C. <carlos@colosa.com>
* @access public
* @param string passw
* @return string
*/
public function getPassWithoutEncrypt($aInfoCon){
if($aInfoCon['DBS_PASSWORD']!=''){
$aPassw =explode('_',$aInfoCon['DBS_PASSWORD']);
$passw = $aPassw[0];
if(sizeof($aPassw)>1)
$passw = ($passw == 'none') ? "": G::decrypt($passw,$aInfoCon['DBS_DATABASE_NAME']);
}
return $passw;
}
}

12
workflow/engine/methods/dbConnections/dbConnectionsAjax.php
View File

@@ -102,7 +102,10 @@ switch ( $action ){
$dbServices = $dbs->getDbServicesAvailables(); $dbServices = $dbs->getDbServicesAvailables();
$dbService = $dbs->getEncondeList(); $dbService = $dbs->getEncondeList();
//we are updating the passwords with encrupt info
$dbs->encryptThepassw($_SESSION['PROCESS']);
//end updating
$rows[] = array('uid' => 'char', 'name' => 'char'); $rows[] = array('uid' => 'char', 'name' => 'char');
foreach($dbServices as $srv) { foreach($dbServices as $srv) {
@@ -134,7 +137,8 @@ switch ( $action ){
if ($aFields['DBS_PORT'] == '0') { if ($aFields['DBS_PORT'] == '0') {
$aFields['DBS_PORT'] = ''; $aFields['DBS_PORT'] = '';
} }
$aFields['DBS_PASSWORD']=$dbs->getPassWithoutEncrypt($aFields['DBS_PASSWORD']);
$aFields['DBS_PASSWORD']=($aFields['DBS_PASSWORD'] == 'none') ? "": G::decrypt($aFields['DBS_PASSWORD'], $aFields['DBS_DATABASE_NAME']);
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'dbConnections/dbConnections_Edit', '', $aFields); $G_PUBLISH->AddContent('xmlform', 'xmlform', 'dbConnections/dbConnections_Edit', '', $aFields);
G::RenderPage('publish', 'raw'); G::RenderPage('publish', 'raw');
break; break;
@@ -150,7 +154,7 @@ switch ( $action ){
'DBS_SERVER' => $_POST['server'], 'DBS_SERVER' => $_POST['server'],
'DBS_DATABASE_NAME' => $_POST['db_name'], 'DBS_DATABASE_NAME' => $_POST['db_name'],
'DBS_USERNAME' => $_POST['user'], 'DBS_USERNAME' => $_POST['user'],
'DBS_PASSWORD' => (($_POST['passwd'] == 'none') ? "": $_POST['passwd']), 'DBS_PASSWORD' => (($_POST['passwd'] == 'none') ? "": G::encrypt($_POST['passwd'], $_POST['db_name']))."_2NnV3ujj3w",
'DBS_PORT' => (($_POST['port'] == 'none') ? "": $_POST['port']), 'DBS_PORT' => (($_POST['port'] == 'none') ? "": $_POST['port']),
'DBS_ENCODE' => $_POST['enc'] 'DBS_ENCODE' => $_POST['enc']
); );
@@ -170,7 +174,7 @@ switch ( $action ){
'DBS_SERVER' => $_POST['server'], 'DBS_SERVER' => $_POST['server'],
'DBS_DATABASE_NAME' => $_POST['db_name'], 'DBS_DATABASE_NAME' => $_POST['db_name'],
'DBS_USERNAME' => $_POST['user'], 'DBS_USERNAME' => $_POST['user'],
'DBS_PASSWORD' => (($_POST['passwd'] == 'none') ? "": $_POST['passwd']), 'DBS_PASSWORD' => (($_POST['passwd'] == 'none') ? "": G::encrypt($_POST['passwd'], $_POST['db_name']))."_2NnV3ujj3w",
'DBS_PORT' => (($_POST['port'] == 'none') ? "": $_POST['port']), 'DBS_PORT' => (($_POST['port'] == 'none') ? "": $_POST['port']),
'DBS_ENCODE' => $_POST['enc'] 'DBS_ENCODE' => $_POST['enc']
); );

4
workflow/engine/methods/dbConnections/genericDbConnections.php
View File

@@ -7,8 +7,10 @@
if( isset($_SESSION['PROCESS']) ){ if( isset($_SESSION['PROCESS']) ){
$pro = include (PATH_CORE . "config/databases.php"); $pro = include (PATH_CORE . "config/databases.php");
G::LoadClass('dbConnections'); G::LoadClass('dbConnections');
$oDbConnections = new dbConnections($_SESSION['PROCESS']); $oDbConnections = new dbConnections($_SESSION['PROCESS']);
foreach( $oDbConnections->connections as $db ) { foreach( $oDbConnections->connections as $db ) {
$db['DBS_PASSWORD'] = $oDbConnections->getPassWithoutEncrypt($db);
$dbsPort = ($db['DBS_PORT'] == '') ? ('') : (':'.$db['DBS_PORT']); $dbsPort = ($db['DBS_PORT'] == '') ? ('') : (':'.$db['DBS_PORT']);
$ENCODE = (trim($db['DBS_ENCODE']) == '')? '': '?encoding=' . $db['DBS_ENCODE']; $ENCODE = (trim($db['DBS_ENCODE']) == '')? '': '?encoding=' . $db['DBS_ENCODE'];
$pro['datasources'][$db['DBS_UID']]['connection'] = $db['DBS_TYPE'] . '://' . $db['DBS_USERNAME'] . ':' . $db['DBS_PASSWORD'] . '@' . $db['DBS_SERVER'] .$dbsPort. '/' . $db['DBS_DATABASE_NAME'] . $ENCODE; $pro['datasources'][$db['DBS_UID']]['connection'] = $db['DBS_TYPE'] . '://' . $db['DBS_USERNAME'] . ':' . $db['DBS_PASSWORD'] . '@' . $db['DBS_SERVER'] .$dbsPort. '/' . $db['DBS_DATABASE_NAME'] . $ENCODE;
@@ -17,4 +19,4 @@ if( isset($_SESSION['PROCESS']) ){
return $pro; return $pro;
} }
?> ?>