
Laravel 5.6 - Data is stored as decrypted at model insert

Open gbalduzzi opened this issue 6 years ago • 2 comments

With Laravel > 5.5, this package has some issues when updating a model, as mentioned in #22. There are some possible fixes to that (i.e. overriding getDirty and castAttribute methods).

However, I also noticed a similar issue when inserting a new record in the database using Laravel 5.6.

In class Illuminate\Database\Eloquent\Model, the method performInsert() has been modified from

$attributes = $this->attributes;

to

$attributes = $this->getAttributes();

So the attributes are decrypted before being saved and are therefore stored in the database as plaintext. Is there a better way to fix this issue than overriding the whole performInsert() function to just change that line?

gbalduzzi avatar Nov 05 '18 16:11 gbalduzzi
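
The data flow described in the issue above, as an added PHP example that is not code from Laravel, elocryptfive, or any commenter. BaseModel, EncryptedModel, the `__ENC__:` marker, the base64 stand-in for encryption, and plaintextColumns() are hypothetical; the example assumes, as the issue states, that the package's getAttributes() returns decrypted values.

```php
<?php
// Stand-in classes (hypothetical): not Laravel's Model or elocryptfive's trait.
const PREFIX = '__ENC__:'; // constructed ciphertext marker
function fakeEncrypt(string $v): string { return PREFIX . base64_encode($v); } // stand-in for real encryption
function fakeDecrypt(string $v): string { return base64_decode(substr($v, strlen(PREFIX))); }
function isEncrypted($v): bool { return is_string($v) && strpos($v, PREFIX) === 0; }

class BaseModel
{
    protected $attributes = [];
    public function setAttribute(string $key, $value): void { $this->attributes[$key] = $value; }
    public function getAttributes(): array { return $this->attributes; }
    // Returns the row that would be written to the database.
    public function performInsert(bool $useAccessor): array
    {
        return $useAccessor ? $this->getAttributes() : $this->attributes;
    }
}

class EncryptedModel extends BaseModel
{
    protected $encrypts = ['ssn'];
    public function setAttribute(string $key, $value): void
    {
        parent::setAttribute($key, in_array($key, $this->encrypts, true) ? fakeEncrypt($value) : $value);
    }

    // Decrypting accessor: convenient for readers, but leaks plaintext if the insert path calls it.
    public function getAttributes(): array
    {
        return array_map(function ($v) { return isEncrypted($v) ? fakeDecrypt($v) : $v; }, $this->attributes);
    }

    // Regression check: names of protected columns that would be stored unencrypted.
    public function plaintextColumns(array $row): array
    {
        return array_values(array_filter($this->encrypts, function ($c) use ($row) {
            return isset($row[$c]) && !isEncrypted($row[$c]);
        }));
    }
}

$m = new EncryptedModel();
$m->setAttribute('name', 'Alice');
$m->setAttribute('ssn', '000-00-0000'); // constructed sample value
foreach (['$this->attributes' => false, '$this->getAttributes()' => true] as $label => $useAccessor) {
    $row = $m->performInsert($useAccessor);
    printf("%-24s ssn=%-26s plaintext columns: %s\n", $label, $row['ssn'], json_encode($m->plaintextColumns($row)));
}
```

A check like plaintextColumns() run against the row actually written makes this kind of regression visible in a test suite after a framework upgrade.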

Has this package been abandoned? If not, then can this problem [with huge InfoSec ramifications] be fixed?

ampodobas avatar Feb 18 '19 06:02 ampodobas

@ampodobas, a quick GitHub search landed me onto this repository. https://github.com/austinheap/laravel-database-encryption

Documentation says: "... [laravel-database-encryption]... it is a (more modern) replacement, it is not compatible directly out of the box."

With instructions on how "[t]o migrate to this package from elocryptfive, ..." :)

PopMishima avatar Feb 26 '19 07:02 PopMishima