The SuiteCRM instance I recently inherited is in a very bad state, and I’m not sure whether this is something that can be fixed without a reinstall.
For some reason, user login passwords are stored in plaintext, which I’m really kind of freaking out about in a live system with fairly sensitive data.
I cannot see any option in the Password Management to encrypt the passwords, hence why I’m wondering whether this is an install-time option and necessitates a clean install.
Can I update this without a fresh install?
Why is this even an option?
Does it indicate that the person who set it up installed it as a dev version?
If so, what other security holes might co-occur that I should be looking out for?
And finally (on a related topic) I’ve seen a lot of discussion about the reintroduction of an encrypted field type on the 7.11 roadmap, and we’re on 7.11.22, but I can’t see anything in the designer to encrypt a field.
As I write, it occurs to me what this probably is… is SuiteCRM looking for encryption libraries that were installed on the server external to and prior to SuiteCRM…?
So as this was set up with only SuiteCRM, it’s entirely possible that no encryption is available, and SuiteCRM has just skipped it…?
If so, I assume my predecessor would have received a warning about this at install time that they must have ignored…?
So again, can I fix this live or am I going to have to do a rebuild from the ground up…?