Module Description
This module allows you to create fields that store passwords. It will store the passwords in encrypted format and (by default) will not display them on the website. This is useful, for example, if you are creating a website that integrates with other services and you would like users to be able to store their password more securely than using a text field. Using this module, you could create a password field and attach it to the user entity (just like any other field), knowing that the passwords will be stored in an encrypted format and won't be displayed to other users.
Note, this is completely different from the Password module that backports the pluggable and secure hashing from Drupal 7 to use with Drupal 6. This module is more like the Email Field or Phone modules in that it provides a field type.
A note on security The most important thing to know about this module is that you should not use this module if you can possibly avoid it.
The reason for this rather strong statement is that, in general, storing passwords in a database is a bad idea. If you can store a salted hash of a password (like Drupal does), or an authorisation token (the way oAuth works), then you should do that instead. Sometimes though, there is a genuine need to store a password in a database, and you want to make sure that the data is at least encrypted. If you are in that situation, then this module is for you.
Please note, even though the passwords are stored in an encrypted format in the database, anyone who has access to your settings.php file and the values from the database should be able to figure out how to decrypt them with very little trouble - especially since this module is publicly available on drupal.org.
Accessing Passwords If you are writing a module that relies on this one, you can fetch the encrypted value of the password using the standard Drupal Field API functions.
Once you have the encrypted value, you can decrypt it using the password_field_decrypt() function. For example:
global $node, $language; module_load_include('module', 'password_field', 'password_field'); $langcode = $language['language']; $lang = (array_key_exists($langcode, $field_data)) ? $langcode : 'und'; $field_data = $node->field_password_field; $parts = array_values($field_data[$lang][0]); $password_value = password_field_decrypt($parts[0]); Development of this module was supported by OPC IT
Note, this is completely different from the Password module that backports the pluggable and secure hashing from Drupal 7 to use with Drupal 6. This module is more like the Email Field or Phone modules in that it provides a field type.
A note on security The most important thing to know about this module is that you should not use this module if you can possibly avoid it.
The reason for this rather strong statement is that, in general, storing passwords in a database is a bad idea. If you can store a salted hash of a password (like Drupal does), or an authorisation token (the way oAuth works), then you should do that instead. Sometimes though, there is a genuine need to store a password in a database, and you want to make sure that the data is at least encrypted. If you are in that situation, then this module is for you.
Please note, even though the passwords are stored in an encrypted format in the database, anyone who has access to your settings.php file and the values from the database should be able to figure out how to decrypt them with very little trouble - especially since this module is publicly available on drupal.org.
Accessing Passwords If you are writing a module that relies on this one, you can fetch the encrypted value of the password using the standard Drupal Field API functions.
Once you have the encrypted value, you can decrypt it using the password_field_decrypt() function. For example:
global $node, $language; module_load_include('module', 'password_field', 'password_field'); $langcode = $language['language']; $lang = (array_key_exists($langcode, $field_data)) ? $langcode : 'und'; $field_data = $node->field_password_field; $parts = array_values($field_data[$lang][0]); $password_value = password_field_decrypt($parts[0]); Development of this module was supported by OPC IT
Module Link
Project Usage
765
Security Covered
Covered By Security Advisory
Version Available
Production
Module Summary
This module aims to securely store passwords in encrypted format and not display them on the website, providing a more secure option for users to store their passwords on a website that integrates with other services.
Data Name
password_field
OPENAI CHATBOT
OPENAI CHATBOT
