Hi,
The password there is not the same as the password which allows you to log on your PayPal account.
We don't hide it because even if someone reads it on your screen, he won't be able to do much with it.
Even with all the information there, the most he could do would be sending you some money.
Also, not hiding it allows you to easily check that you didn't make a mistake which, actually, happens quite often...
Also, note that encrypting the password, and making it not visible are two different things.
Hiding the password would mean that it would be replaced by the browser with dots. It would only prevent someone looking over your shoulder from peaking. But someone with access to the page would still be able to get your password by looking at the HTML of the page (it takes 2 seconds and it is really easy to do). So if you want to prevent someone else with access to the backend from seeing it, it's better to use ACLs.
Encrypting the password is normally done in the database so that if you get hacked, the attacker can't easily get your password. However, due to the way the communication works between HikaShop and payment gateways, the password has to be stored in clear in the database so that it can be used to authenticate your website to the payment gateway when it contacts it. And as I said earlier, even if an attacker would get your payment method information, it would only be able to transfer you some money.
No the biggest risk is that someone with access to your backend changes the information there for his own account so that the money goes to him instead of your account. And this can be prevented with ACLs.
HIKASHOP ESSENTIAL 60€The basic version. With the main features for a little shop.
HIKAMARKETAdd-on Create a multivendor platform. Enable many vendors on your website.
HIKASERIALAdd-on Sale e-tickets, vouchers, gift certificates, serial numbers and more!
MARKETPLACEPlugins, modules and other kinds of integrations for HikaShop
