Is it possible to decrypt the member password in order to push it to anther system such as webstore?
We've moved the forum!
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
No, that would defeat the purpose :)
You can turn off encryption and store the passwords in plaintext... But obviously that comes with potential issues. You need to set Security::$encryptPasswords to FALSE
But that won't decrypt existing passwords will it?
No it won't decrypt existing passwords.
The passwords aren't actually encrypted (in a way that can be decrypted). The values in the DB are a (salted) hash of the original password. A hash like this is a one-way route, there's no way to go from a hash-value back to the password (except maybe brute-force but that could take years to figure out a password and there are potentially several passwords that result in the same hash).
So in short: If you have hash-values in the DB (the SilverStripe default), then there's no way to transform them into plain-text passwords.
Okay, thanks. Looks like its plan B use the member info to populate an external registration page. That way they only need to fill in the password section.
I guess just like stock once your password is salted it can't be unsalted
One possible solution for you could be to use the silverstripe database for the authentication to your webstore. If a shared authentication is what you're after that is.
That way a regenerated password on the site would immidiately work also to log in to your webstore.
If you use the default hashing in silverstripe I guess you got SHA algorithm with a salt. Both the algorithm and salt are found in the Member record if you need to use them in your custom authentication on the external system.