spree-contrib/spree_active_shipping

Credential encryption

femmestem opened this issue · 0 comments

Suggested security feature: Credentials for each shipping carrier account are stored in the spree_preferences table as plain text. Best security practices are to store password and/or account login as an encrypted record that is then decrypted by the controller before being passed to the form view. Something like gem 'attr_encrypted' would be helpful.