Reputation: 5913
How do I encrypt this field before storing it in the database?
password = fields.Char(string="Password", required=True)
Do I use auth_crypt?
How do I store (encrypt) and retrieve (decrypt) this field? Do I need to use computed fields?
Upvotes: 0
Views: 6911
Reputation: 1216
Yes, use Odoo's official encrypt module. From 8.0 onward, Odoo encrypts the password by default.
New field: password_crypt, which stores the encoded, protected password.
Use the official way of picking the password field in the model file and the proper XML widget for the form view.
How to reset user's password via direct SQL for Odoo
Upvotes: 0
Reputation: 112855
Essentially you should not store encrypted passwords because they can be decrypted when an attacker obtains access to the server.
Instead you should iterate over an HMAC with a random salt for about 100ms (the salt needs to be saved with the hash). Better to use functions designed to do this such as password_hash, PBKDF2, bcrypt, etc. The point is to make the attacker spend a lot of time finding passwords by brute force.
See OWASP (Open Web Application Security Project) Password Storage Cheat Sheet.
Upvotes: 1
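The salted, iterated hashing described in the last answer, as an added example that is not part of the original thread and is not Odoo's own code. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the function names, the `$`-separated storage format and the default iteration count are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

ALGO = "pbkdf2_sha256"          # label stored with each hash (assumed format)
DEFAULT_ITERATIONS = 600_000    # assumed default; tune with calibrate_iterations()

def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Return 'algo$iterations$salt$hash'; this string is what the Char field stores."""
    salt = os.urandom(16)       # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGO, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])

def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count, then compare."""
    try:
        algo, iters, salt_b64, dk_b64 = stored.split("$")
        if algo != ALGO:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iters))
    except ValueError:          # malformed record, bad base64, bad iteration count
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)

def needs_rehash(stored, wanted_iterations=DEFAULT_ITERATIONS):
    """True when a record uses fewer iterations than the current policy."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != ALGO or int(parts[1]) < wanted_iterations

def calibrate_iterations(target_seconds=0.1, start=50_000):
    """Double the iteration count until one hash takes about target_seconds here."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"benchmark", b"\x00" * 16, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2
```

Because the iteration count is stored with each record, it can be raised later: call `needs_rehash` after a successful login and re-hash the password the user just supplied.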