Active
Project:
Ubercart eWay Payment Gateway
Version:
6.x-2.x-dev
Component:
Code
Priority:
Major
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
29 Apr 2011 at 07:37 UTC
Updated:
2 May 2011 at 04:43 UTC
Annoyingly, eway requires the eway account password (which allows full access to your eway account) when you are making some types of payments, so we have to store it in drupal.
We should do something to make this password more secure in drupal.
1. Make the text field on the settings for a password field, so the password isn't visible in plain text.
2. Encrypt the password in the database. We could just use the uc_store encryption class.
Comments
Comment #1
agileware commentedAlso note that eWAY have informed me that the API is going to be changed to remove the need for the password.