a.m. wrote:
What do you mean? What exactly should be encrypted? And where?
P.S. I'm not the author of this plugin. The author of this forum topic is. We've just upgraded it to version 3.10 from 3.00
Configure methods for beginning.
here is decryption
var model = new ConfigurationModel
{
ApiSignature = _payPalExpressCheckoutPaymentSettings.ApiSignature
Password = _payPalExpressCheckoutPaymentSettings.Password,
Username = _payPalExpressCheckoutPaymentSettings.Username,
}
here is encryption
if (IsLogoImageValid(model.LogoImageURL, out validationErrors))
{
_payPalExpressCheckoutPaymentSettings.ApiSignature = model.ApiSignature;
_payPalExpressCheckoutPaymentSettings.Password = model.Password;
_payPalExpressCheckoutPaymentSettings.Username = model.Username;
}
Then need to decrypt in
GetRequesterCredentials()
method.
I checked database afterwards, username, password and API in clean text in database.
Which is totally unsecure. Change it - just 3 minutes. But will be very helpful.
I wanted to use this plugin, but because security issue, I started to write own plugin.