Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
Locked
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
 
|
Hello Marco,
Thanks for your wonderful work in this area. I truly appreciate your efforts. Here are few thoughts / comments : 1) We are saving password as it is. https://localhost:8443/accounting/control/ViewGatewayConfiguration?paymentGatewayConfigId=PAYFLOWPRO_CONFIG I think we should encrypt the password before saving it to database and will not show the password as it is while fetching it from database. Thoughts ? 2) We should change the name of service in the service definition and implementation. For example you have used "updateGatewayConfiguration" instead of this if we use "updatePaymentGatewayConfig" then it will help developers to easily see the referenced entity. Same applies to other references like updateGatewayConfigurationPayflowPro, updateGatewayConfigurationClearCommerce .... etc. 3) We should change request map entries to follow the best practice as well. For ex : ViewGatewayConfigurationType, ViewGatewayConfiguration can be changed EditPaymentGatewayConfigType & EditPaymentGatewayConfig respectively. I am requesting you to change this now (Refer #3 & #4 points) because newcomers start coding and can take reference of this code. 4) Do you have some some plan to provide the form and services to create new "PaymentGatewayConfig" & "PaymentGatewayConfigType" records ? -- Ashish Vijaywargiya [hidden email] wrote: > Author: mrisaliti > Date: Thu Apr 9 19:45:31 2009 > New Revision: 763782 > > URL: http://svn.apache.org/viewvc?rev=763782&view=rev > Log: > Move payment.properties to PaymentGatewayConfig entities (OFBIZ-2269) > > Added: > ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentGatewayConfigServices.xml (with props) > ofbiz/trunk/applications/accounting/servicedef/services_paymentgateway.xml (with props) > ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigurationsForms.xml (with props) > ofbiz/trunk/applications/accounting/widget/PaymentGatewayConfigurationsScreens.xml (with props) > ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/actions/store/EditProductStorePaySetup.groovy (with props) > Modified: > ofbiz/trunk/applications/accounting/config/AccountingUiLabels.xml > ofbiz/trunk/applications/accounting/data/AccountingTypeData.xml > ofbiz/trunk/applications/accounting/entitydef/entitymodel.xml > ofbiz/trunk/applications/accounting/ofbiz-component.xml > ofbiz/trunk/applications/accounting/servicedef/services_paymentmethod.xml > ofbiz/trunk/applications/accounting/src/org/ofbiz/accounting/payment/PaymentGatewayServices.java > ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml > ofbiz/trunk/applications/accounting/widget/Menus.xml > ofbiz/trunk/applications/product/config/ProductUiLabels.xml > ofbiz/trunk/applications/product/entitydef/entitymodel.xml > ofbiz/trunk/applications/product/servicedef/services_store.xml > ofbiz/trunk/applications/product/webapp/catalog/store/ProductStoreForms.xml > ofbiz/trunk/applications/product/widget/catalog/StoreScreens.xml > ofbiz/trunk/specialpurpose/ecommerce/data/DemoFinAccount.xml > ofbiz/trunk/specialpurpose/ecommerce/data/DemoProduct.xml > ofbiz/trunk/specialpurpose/ecommerce/data/DemoRentalProduct.xml > ofbiz/trunk/specialpurpose/ecommerce/data/DemoStoreGiftCertificateSettings.xml > ofbiz/trunk/specialpurpose/pos/data/DemoRetail.xml > ofbiz/trunk/specialpurpose/webpos/data/DemoPosData.xml > > Modified: ofbiz/trunk/applications/accounting/config/AccountingUiLabels.xml > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/config/AccountingUiLabels.xml?rev=763782&r1=763781&r2=763782&view=diff > ============================================================================== > --- ofbiz/trunk/applications/accounting/config/AccountingUiLabels.xml (original) > +++ ofbiz/trunk/applications/accounting/config/AccountingUiLabels.xml Thu Apr 9 19:45:31 2009 > @@ -5474,6 +5474,30 @@ > <value xml:lang="th">รายà¸à¸²à¸£à¸ªà¸à¸²à¸à¸°à¸à¸¥à¸¸à¹à¸¡à¸à¸¹à¹à¹à¸à¹</value> > <value xml:lang="zh">ä¼åè§è²å表</value> > </property> > + <property key="AccountingPayflowProLoggingOff"> > + <value xml:lang="en">Logging Off</value> > + <value xml:lang="it">Log disabilitato</value> > + </property> > > |
smime.p7s (4K)
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
Administrator
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
Administrator
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
Administrator
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
Administrator
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
|
Thanks Jacques & David.
-- Ashish Jacques Le Roux wrote: > Thanks for the clarification David > > Jacques > > From: "David E Jones" <[hidden email]> >> On Apr 14, 2009, at 1:57 PM, Jacques Le Roux wrote: >> >>> From: "David E Jones" <[hidden email]> >>>> On Apr 14, 2009, at 11:21 AM, Jacques Le Roux wrote: >>>> >>>>> From: "Ashish Vijaywargiya" <[hidden email]> >>>>> Hello Marco, >>>>> >>>>> Thanks for your wonderful work in this area. >>>>> I truly appreciate your efforts. >>>>> >>>>> Here are few thoughts / comments : >>>>> >>>>> 1) We are saving password as it is. >>>>> https://localhost:8443/accounting/control/ViewGatewayConfiguration?paymentGatewayConfigId=PAYFLOWPRO_CONFIG >>>>> >>>>> I think we should encrypt the password before saving it to >>>>> database and >>>>> will not show the password as it is while fetching it from database. >>>>> Thoughts ? >>>>> >>>>> +1, using what we already use (also SHA that should be salted at >>>>> some point in the future) >>>> >>>> These are all good changes, so thanks to Jacques and especially >>>> Ashish for the comments. >>>> >>>> For the gateway password encryption we'll want to use the Entity >>>> Engine's built-in two-way encryption. We can't use SHA/hash >>>> encryption because we have to be able to decrypt these passwords >>>> to send them to the payment gateway (ie they would never accept a >>>> hashed form of the password, that is a big security hole and >>>> basically nullifies most of the benefit of the hash, which is why >>>> by default we don't allow that in OFBiz either). >>>> >>>> -David >>> >>> Hi David, >>> >>> I understand that we need a 2 ways encryption for a payment gateway. >>> But about SHA I'm not quite sure to understand. SHA means Secure >>> Hash Algorithm, so why do you add /ash after SHA ? >>> I know we use SHA for login password, so I'm no sure of what you >>> mean. Do you mean that we should not use salted SHA in OFBiz at all ? >> >> SHA is a hash algorithm, but there are other hash algorithms and >> that is why I wrote "SHA/hash". >> >> My main point is that a normal password hash algorithm is not >> relevant here as it can't be used when 2-way encryption is needed, >> that's all. >> >> -David >> > |
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
Administrator
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
|
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
|
In reply to this post by Jacques Le Roux
>> Hello Marco,
>> Thanks for your wonderful work in this area. >> I truly appreciate your efforts. In my initial email I have given thanks to Marco ... and he deserve for that. I think you have missed that .... may be due to your super fast working style ;0). I had given thanks to you and David because you guys have shared your thoughts on my comment. Thanks once again Marco, Jacques & David ! (I guess now the order of included person in this line solves our purpose :-) ) -- Ashish Jacques Le Roux wrote: > Actualluy we should better thank Marco! ;o) > > Jacques > > |
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
|
In reply to this post by mrisaliti@libero.it
AFAIK you understood it right Marco.
Here is the example for credit card : <field name="cardNumber" type="long-varchar" encrypt="true"></field> -- Ashish [hidden email] wrote: > Hi to all, > > if I understand correctly it's enough to use the encrypt attribute on the password fields. > > for example in PaymentGatewayPayfloPro could be : > > <field name="pwd" type="short-varchar" encrypt="true"> > > Have I understood correctly ? > > Thanks > Marco > > > |
Re: svn commit: r763782 [1/2] - in /ofbiz/trunk: applications/accounting/ applications/accounting/config
|
|
| Free forum by Nabble | Edit this page |