rbeckman-nextgen
commented
4 years ago What would be the purpose for this? Is it just so it doesn't show up in cleartext in the Administrator? Note that it would not add any actual security. Obfuscation is not encryption. For instance, even if you're using a SQL mode Database Reader with the password field, you can still see the password by exporting your channel and looking at the XML. I wouldn't really even call that "obfuscation".
Consider using something like the configuration map for storing the password. That way your connector would just use the replacement token, like ${dbPassword} or $('dbPassword'). The configuration map is not included in server exports, and is stored on the filesystem in the appdata directory. So if a user only has read-access to channels but not the configuration map (which is completely possible with the User Authorization extension), then they will not be able to view the password at all.
Or, you could use a global deploy script to set such variables. Again there, with User Authorization you can restrict view access to the global scripts.
Imported Comment. Original Details: Author: narupley Created: 2015-11-20T10:24:33.000-0800
When using JavaScript in Database Connector, there is no way to obfuscate the password. It would be very helpful to have variable containing the contents of the Password field for this purpose.
Imported Issue. Original Details: Jira Issue Key: MIRTH-3839 Reporter: aitougan Created: 2015-11-20T10:15:41.000-0800