[CONNECTORS-737] passwords handling in Manifold - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Wish
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: ManifoldCF 1.2
Fix Version/s: ManifoldCF 1.3
Component/s: Active Directory authority, GoogleDrive connector
Labels:
None

Description

Currently you can see stored passwords in HTML body of the page which is quite big security hole. We could rewrite it so that the field is presented with some predefined constant string, like "###########" (only to show the field with some entered text). Then in process*Post handlers we should check if someone entered anything different here and only in such case overwrite previously stored password. When posted value is equal to "###########" - we leave previous password in configuration intact.

this applies to almost all connectors...

Attachments

Activity

People

Assignee:: Karl Wright

Reporter:: Maciej Lizewski

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Jun/13 08:45

Updated:: 15/Jul/13 14:03

Resolved:: 15/Jul/13 14:03