Problem/Motivation

The key is visible in the network tab.

Steps to reproduce

When trying to log in, inspect the network tab and look for a JS function $get_aes_key; this will expose the key.

Proposed resolution

Need to use hybrid encryption.


Comments

kalash-j created an issue. See original summary.

kalash-j’s picture

Status: Active » Needs review
kalash-j’s picture

Assigned: kalash-j » Unassigned
rajdip_755’s picture

Assigned: Unassigned » rajdip_755

I am assigning it to myself to review this.

rajdip_755’s picture

Assigned: rajdip_755 » Unassigned
Status: Needs review » Reviewed & tested by the community

Hi @kalash-j, now a random user can't decrypt the encrypted password, as you implemented hybrid encryption for the AES key itself, so it looks secure from my side. There were some PHPCS issues; I fixed those as well.
Thanks!
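
The fix discussed in this issue, sketched as an added example (not the module's committed code): the browser generates the AES key itself and sends it only wrapped under the server's RSA public key, so nothing visible in the network tab is enough to decrypt the password. The function names, the RSA-OAEP and AES-GCM choices, and the in-process "server" are assumptions; the real server side would be PHP.

```javascript
// Added example: hybrid encryption of a login password (all names hypothetical).
// WebCrypto is global in browsers and current Node; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;

// Server, once: RSA-OAEP key pair. Only the public half is ever sent to the browser.
function serverMakeKeyPair() {
  return subtle.generateKey(
    { name: "RSA-OAEP", modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
    false, ["wrapKey", "unwrapKey"]);
}

// Browser: a fresh AES-256-GCM key per login, sent only in RSA-wrapped form.
async function clientEncryptPassword(publicKey, password) {
  const aesKey = await subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt"]); // extractable so it can be wrapped
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ciphertext = await subtle.encrypt(
    { name: "AES-GCM", iv }, aesKey, new TextEncoder().encode(password));
  const wrappedKey = await subtle.wrapKey("raw", aesKey, publicKey, { name: "RSA-OAEP" });
  return { wrappedKey, iv, ciphertext }; // everything the network tab shows
}

// Server: unwrap the AES key with the private key, then decrypt the password.
async function serverDecryptPassword(privateKey, { wrappedKey, iv, ciphertext }) {
  const aesKey = await subtle.unwrapKey("raw", wrappedKey, privateKey,
    { name: "RSA-OAEP" }, { name: "AES-GCM" }, false, ["decrypt"]);
  const plain = await subtle.decrypt({ name: "AES-GCM", iv }, aesKey, ciphertext);
  return new TextDecoder().decode(plain);
}

async function demo(password) {
  const server = await serverMakeKeyPair();
  const request = await clientEncryptPassword(server.publicKey, password);
  const recovered = await serverDecryptPassword(server.privateKey, request);
  // An observer holds `request` but not the server's private key; model that
  // with an unrelated key pair, which must fail to unwrap.
  const observer = await serverMakeKeyPair();
  const observerFails = await serverDecryptPassword(observer.privateKey, request)
    .then(() => false, () => true);
  return { recovered, observerFails, wrappedKeyBytes: request.wrappedKey.byteLength };
}

demo("constructed-sample-password").then((r) => console.log(r));
```

The public key has to reach the browser over HTTPS, since anyone able to substitute it could unwrap the AES key.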

kalash-j’s picture

  • kalash-j committed 61a10b55 on 1.0.x
    Issue #3508224: Added a hybrid encryption method.
    
kalash-j’s picture

Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.