cb_folderaccess - Contains all my users passwords?

Hi there,

I've been working on a website that uses Community Builder and within the MySQL database, in jos_comprofiler, there's a field called "cb_folderaccess" that contains the users unecrypted password for each entry.

Why is this? Is this intended? Is there a way to disable/encrypt this?

calumw098 wrote: Hi there,

I've been working on a website that uses Community Builder and within the MySQL database, in jos_comprofiler, there's a field called "cb_folderaccess" that contains the users unecrypted password for each entry.

Why is this? Is this intended? Is there a way to disable/encrypt this?

This column is not added by CB - something else has added this.
What else do you have installed.

Not a CB bug.

Perhaps you have CBSubs also installed?

Yes, CBSubs is also installed, do you think this is the likely cause?

If you are on WIndows localhost and are using the CBSubs Protected folders integrations plugin, as Windows does not support crypted passwords for folders protections in [it]ht[/i]access users files, and CBSubs must be able to add and remove users from the files without requesting a CB/Joomla login, it unfortunately must store them on Windows.

On a real Linux webserver, passwords are crypted and also stored crypted, so there are no such issues like on Windows.

This is a well-known shortcoming of Windows webserver-folders-protections. Storing the passwords on Windows in a 2-way crypting function would only add a feeling of safety without giving a real one.

If you don't use folder-protections, you don't need to install that plugin and can uninstall it.