
Task #36529

Disable password encryption if mcrypt is not available

Added by Andreas Wolf about 1 year ago. Updated 6 months ago.

Status: Accepted
Priority: Should have
Assignee: Andreas Wolf
Category: -
Target version: -
Start date: 2012-04-24
Due date:
% Done: 0%
Spent time: -
Votes: 0

Description

Currently, there is no check if the mcrypt library is available - this should be changed to not encrypt the password if mcrypt is not available. The reports module should then show a proper warning.


Related issues

Related to: FAL WebDAV Driver - Bug #43512: Fix tcemain-hook for password-encryption (Resolved, 2012-12-02)

History

Updated by Stefan Neufeind 6 months ago

Then also properly detect upon decryption if a password maybe wasn't encrypted before. If mcrypt was enabled later it would automatically get encrypted the next time the record is opened and saved.

In #43512 I saw that currently if decryption was not done (in that bug: because the hook didn't work) then decryptPassword would be called and would actually encrypt (!) the password with a newly generated, random key.

For the encryption-check in reports have a look at how saltedpasswords does the check. They also warn if there are passwords (left over) without encryption. So if mcrypt was enabled later we can still make sure all passwords are encrypted.

Updated by Andreas Wolf 6 months ago

Stefan Neufeind wrote:

Then also properly detect upon decryption if a password maybe wasn't encrypted before. If mcrypt was enabled later it would automatically get encrypted the next time the record is opened and saved.

In #43512 I saw that currently if decryption was not done (in that bug: because the hook didn't work) then decryptPassword would be called and would actually encrypt (!) the password with a newly generated, random key.

Actually, the reason why fal_webdav does decryption is that in the very first versions the password was stored as a simple encrypted string, without any metadata. Therefore, a password without the leading "$" is decrypted using the old standard mechanism. As the extension has never been released with that old code, we could as well drop this and use the method you propose. I'm going to implement this today.

For the encryption-check in reports have a look at how saltedpasswords does the check. They also warn if there are passwords (left over) without encryption. So if mcrypt was enabled later we can still make sure all passwords are encrypted.

I'll have a look at saltedpasswords, thanks for the hint.
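The approach sketched in the description and in the two comments above (skip encryption when the cipher library is missing, detect on read whether a value was ever encrypted instead of pushing a plaintext through the decrypt routine, and let a report count leftovers so they can be encrypted once the library is available) as an added example. This is not fal_webdav or TYPO3 core code: it assumes a 32-byte key supplied from configuration, uses PHP's openssl extension as a stand-in for mcrypt (mcrypt was removed in PHP 7.2), and the class and method names are hypothetical; the availability check and the "$"-prefixed self-describing storage format are the ideas from the issue itself.

```php
<?php
// Hypothetical helper (not fal_webdav code). Stored format when encrypted:
//   "$" . scheme . "$" . base64(iv) . "$" . base64(ciphertext)
// A value without the leading "$" is a plaintext that was never encrypted.
// Assumption: openssl stands in for mcrypt; the key is 32 bytes from configuration.

class PasswordStorage
{
    const SCHEME = 'aes-256-cbc';   // recorded inside the stored value
    const MARKER = '$';             // leading marker: "this value is encrypted"

    private $key;
    private $cipherAvailable;

    public function __construct($key, $cipherAvailable = null)
    {
        if (strlen($key) !== 32) {
            throw new InvalidArgumentException('key must be 32 bytes');
        }
        $this->key = $key;
        // The availability check the issue asks for; pass false to force the
        // "no cipher" branch, e.g. in a test.
        $this->cipherAvailable = $cipherAvailable === null
            ? extension_loaded('openssl')
            : (bool)$cipherAvailable;
    }

    public function isCipherAvailable()
    {
        return $this->cipherAvailable;
    }

    /** True when the stored value carries the "$scheme$iv$ciphertext" metadata. */
    public static function isEncrypted($stored)
    {
        return is_string($stored) && $stored !== '' && $stored[0] === self::MARKER;
    }

    /** Value to persist: ciphertext with metadata, or the plaintext untouched. */
    public function encryptForStorage($password)
    {
        if (!$this->cipherAvailable) {
            return $password;   // stored as-is; countUnencrypted() will flag it
        }
        $iv = openssl_random_pseudo_bytes(16);
        $ciphertext = openssl_encrypt($password, self::SCHEME, $this->key, OPENSSL_RAW_DATA, $iv);
        if ($ciphertext === false) {
            throw new RuntimeException('encryption failed: ' . openssl_error_string());
        }
        // base64 output never contains "$", so the marker cannot collide with the payload.
        return self::MARKER . self::SCHEME . '$' . base64_encode($iv) . '$' . base64_encode($ciphertext);
    }

    /** Returns the plaintext; $wasEncrypted tells the caller whether an upgrade on save is due. */
    public function decryptFromStorage($stored, &$wasEncrypted = null)
    {
        if (!self::isEncrypted($stored)) {
            $wasEncrypted = false;
            return $stored;     // legacy plaintext: never run it through decrypt
        }
        $parts = explode('$', $stored);   // ['', scheme, iv, ciphertext]
        if (count($parts) !== 4 || $parts[1] !== self::SCHEME) {
            throw new UnexpectedValueException('unknown password storage format');
        }
        if (!$this->cipherAvailable) {
            throw new RuntimeException('stored password is encrypted but no cipher extension is loaded');
        }
        $iv = base64_decode($parts[2], true);
        $ciphertext = base64_decode($parts[3], true);
        $plain = openssl_decrypt($ciphertext, self::SCHEME, $this->key, OPENSSL_RAW_DATA, $iv);
        if ($plain === false) {
            throw new RuntimeException('decryption failed (wrong key or corrupted value)');
        }
        $wasEncrypted = true;
        return $plain;
    }

    /** Save hook: encrypt a leftover plaintext once a cipher is available. */
    public function upgradeOnSave($stored)
    {
        if (self::isEncrypted($stored) || !$this->cipherAvailable) {
            return $stored;
        }
        return $this->encryptForStorage($stored);
    }

    /** Reports-module style check: how many stored values were never encrypted. */
    public static function countUnencrypted(array $storedValues)
    {
        $count = 0;
        foreach ($storedValues as $value) {
            if (!self::isEncrypted($value)) {
                $count++;
            }
        }
        return $count;
    }
}

// Usage with a constructed key and constructed sample records.
$storage = new PasswordStorage(str_repeat('k', 32));
$records = array('legacy-plaintext', $storage->encryptForStorage('s3cret'));
echo PasswordStorage::countUnencrypted($records) . " record(s) stored without encryption\n";
$plain = $storage->decryptFromStorage($records[0], $wasEncrypted);
echo $plain . ($wasEncrypted ? ' (was encrypted)' : ' (was stored in plaintext)') . "\n";
```

Two caveats a practitioner would want: the marker check relies on legacy plaintexts never starting with "$" (the same assumption the comment above describes for the old fal_webdav format); if that cannot be guaranteed, a separate column or flag is the safer signal. And AES-CBC without a MAC is used here only to mirror the mcrypt-era scheme; on PHP 7.1 or later an AEAD mode such as aes-256-gcm with the tag stored alongside the ciphertext detects tampering, which the scheme above does not.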
