Support

Admin Tools

#22861 Hashing / Encrypting Download ID

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 26 June 2015 01:40 CDT

wesleyderbyshire
Any plans to hash / encrypt the Download ID used for Updates in both Admin Tools and Akeeba Backup? Basically, I don't want other SuperAdmins that may access the site from simply copying the Download ID and utilizing it on their own site. While I do use Add-On ID's and can deactivate an ID, I am exploring jointly working with other developers who would then have long term access to the site, and thus the Download ID that I have paid for.

Regards,

Wesley Derbyshire

nicholas
Akeeba Staff
Manager
The Download ID is already a hash. Moreover it can't be encrypted for a few basic reasons:
  • Reversible encryption where the keys are stored on the same server with the encrypted text is pointless.
  • The Options page needs to display it unencrypted so you have a chance of editing it and, most importantly, know if there is a download ID set or not.
  • The Options page is handled by Joomla! itself using a very limited set of field types making it impossible to store encrypted text anyway.


The best approach is to NOT enter the Download ID at all. You do not need it to operate the component. You do not even need it to update the component. You can simply download the new version and go to Extensions, Extension Manager, Upload and Install to upload and install it. In fact this is what the Joomla! updater does for you anyway: downloads the new version (that's why it needs the Download ID) and install it on your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!