Hi
I have today encountered an issue with the built-in security module of scriptcase. When updating a user’s record through the corresponding form, scriptcase will save the password as unencrypted clear text into the database.
This means that
a) the user can not log in again or change the password, since the app expects the encrypted password
b) everybody with viewing access to the table can now see the unencrypted password
This happened every time I updated a specific user - in this case myself - but it did not happen to any of the other users I tested this with by updating their records.
I have done this in the past and I know it happened before, but I am unsure if it hapened every time.
Logging out of the production environment did not fix the issue. Using the deployed version of the project (instead of the developement version under …/scriptcase/app/project) did not fix the issue. Changing the user who does the updating did not fix the issue.
Using incognito mode seems to fix the issue. Using a different PC seems to fix the issue.
I use the built-in version of the security module (with only a few cosmetic changes to the html) and version 9.13.018.