Details

      Description

      Currently you can see stored passwords in HTML body of the page which is quite big security hole. We could rewrite it so that the field is presented with some predefined constant string, like "###########" (only to show the field with some entered text). Then in process*Post handlers we should check if someone entered anything different here and only in such case overwrite previously stored password. When posted value is equal to "###########" - we leave previous password in configuration intact.

      this applies to almost all connectors...

        Activity

        Maciej Lizewski created issue -
        Maciej Lizewski made changes -
        Field Original Value New Value
        Issue Type Bug [ 1 ] Wish [ 5 ]
        Karl Wright made changes -
        Assignee Karl Wright [ kwright@metacarta.com ]
        Karl Wright made changes -
        Fix Version/s ManifoldCF 1.3 [ 12324315 ]
        Affects Version/s ManifoldCF 1.2 [ 12323743 ]
        Component/s Active Directory authority [ 12314323 ]
        Component/s GoogleDrive connector [ 12320709 ]
        Karl Wright made changes -
        Fix Version/s ManifoldCF next [ 12316443 ]
        Fix Version/s ManifoldCF 1.3 [ 12324315 ]
        Karl Wright made changes -
        Fix Version/s ManifoldCF 1.3 [ 12324315 ]
        Fix Version/s ManifoldCF next [ 12316443 ]
        Karl Wright made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Karl Wright
            Reporter:
            Maciej Lizewski
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development