jcc
Member
I'm not really sure how concerned I should be about this, but I noticed that the user and password are stored in the <prefix>_fabrik_connections table in clear text.
It seems to me that those credentials would be of a more sensitive nature than those in <prefix>_users which are encrypted.
Certainly, <prefix>_users can use a one-way encryption where <prefix>_fabrik_connections would need to be decrypted as well, but any encryption would be better than none.
It seems to me that those credentials would be of a more sensitive nature than those in <prefix>_users which are encrypted.
Certainly, <prefix>_users can use a one-way encryption where <prefix>_fabrik_connections would need to be decrypted as well, but any encryption would be better than none.