Skip to Content Skip to Menu

cb_folderaccess - Contains all my users passwords?

  • calumw098
  • calumw098
  • OFFLINE
  • Posts: 2
  • Thanks: 0
  • Karma: 0
13 years 2 weeks ago - 13 years 2 weeks ago #181777 by calumw098
Hi there,

I've been working on a website that uses Community Builder and within the MySQL database, in jos_comprofiler, there's a field called "cb_folderaccess" that contains the users unecrypted password for each entry.

Why is this? Is this intended? Is there a way to disable/encrypt this?
Last edit: 13 years 2 weeks ago by calumw098.

Please Log in or Create an account to join the conversation.

  • nant
  • nant
  • OFFLINE
  • Posts: 12339
  • Thanks: 1467
  • Karma: 877
13 years 2 weeks ago - 13 years 2 weeks ago #181782 by nant

calumw098 wrote: Hi there,

I've been working on a website that uses Community Builder and within the MySQL database, in jos_comprofiler, there's a field called "cb_folderaccess" that contains the users unecrypted password for each entry.

Why is this? Is this intended? Is there a way to disable/encrypt this?


This column is not added by CB - something else has added this.
What else do you have installed.

Not a CB bug.

Perhaps you have CBSubs also installed?
Last edit: 13 years 2 weeks ago by nant.

Please Log in or Create an account to join the conversation.

  • calumw098
  • calumw098
  • OFFLINE
  • Posts: 2
  • Thanks: 0
  • Karma: 0
13 years 2 weeks ago #181784 by calumw098
Yes, CBSubs is also installed, do you think this is the likely cause?

Please Log in or Create an account to join the conversation.

  • beat
  • beat
  • ONLINE
  • Posts: 2169
  • Thanks: 463
  • Karma: 352
13 years 1 week ago #181957 by beat
If you are on WIndows localhost and are using the CBSubs Protected folders integrations plugin, as Windows does not support crypted passwords for folders protections in [it]ht[/i]access users files, and CBSubs must be able to add and remove users from the files without requesting a CB/Joomla login, it unfortunately must store them on Windows.

On a real Linux webserver, passwords are crypted and also stored crypted, so there are no such issues like on Windows.

This is a well-known shortcoming of Windows webserver-folders-protections. Storing the passwords on Windows in a 2-way crypting function would only add a feeling of safety without giving a real one.

If you don't use folder-protections, you don't need to install that plugin and can uninstall it.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum