Uploaded image for project: 'Syncope'
  1. Syncope
  2. SYNCOPE-646

Do not propagate password if not explicitely requested

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.2.2
    • 1.2.3, 2.0.0-M1
    • core
    • None

    Description

      Currently, during propagation (CREATE or UPDATE) password will pe propagated (if and only if it is available) also in case it is not explicitely requested. This behavior has to be changed because it can cause unwanted password replaces in case of update operation.

      1. change password encryption to AES.
      2. change users password.
      3. assigne resource: password is propagated as expected.
      4. change some other attribute and saved: again the password is propagated. This is a potential problem: if user later change the password in the resource, syncope should not overwrite passowrd after that.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            fmartelli Fabio Martelli
            fmartelli Fabio Martelli
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment