What is the encryption used by Strapi in the password fields?

DMehaffy · April 14, 2021, 10:18pm

Note that this only applies to the users & permissions => user model password.

If you create a new password field on the model it is not encrypted

github.com/strapi/strapi

Custom Password fields not encrypted

opened 10:48AM - 14 Apr 20 UTC

abanchev

type: bug severity: high good first issue status: confirmed source: core:framework

**Describe the bug** Password fields in custom Content Types are saved as clear text in the database. The default User type password field is working as expected. **Steps to reproduce the behavior** 1. Install a new strapi 2. Create a new content type 3. Add a password field and save the content type 4. Add a new item in the content type list, and set a password. **Expected behavior** The database should have the password saved in an encrypted format. Instead we can read the password in clear text. **System** - Node.js version: 13.12.0 - NPM version: 6.4.14 - Strapi version: 3.0.0-beta.19.5 - Database: mysql, and sqlite - Operating system: ubuntu **Additional context** Happens both when saving from the admin interface and when using the api calls in the bootstrap to generate the Content type.