Annoyingly, eway requires the eway account password (which allows full access to your eway account) when you are making some types of payments, so we have to store it in drupal.

We should do something to make this password more secure in drupal.

1. Make the text field on the settings for a password field, so the password isn't visible in plain text.
2. Encrypt the password in the database. We could just use the uc_store encryption class.

Comments

agileware’s picture

Also note that eWAY have informed me that the API is going to be changed to remove the need for the password.