[jbosstools-issues] [JBoss JIRA] (JBIDE-17973) Obscure database password

Marián Labuda (JIRA) issues at jboss.org
Thu Aug 7 02:14:30 EDT 2014 

    [ https://issues.jboss.org/browse/JBIDE-17973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991114#comment-12991114 ] 

Marián Labuda commented on JBIDE-17973:
---------------------------------------

I agree with Catherine. We could check if Embedded Cartridge shell, which is showed up after embedding a cartridge or using DIY/Jenkins basic cartridges, contains keyword "password" and if there is this keyword, we could provide collapsed text area with button to show content and warning right before it, that there are sensitive information. WDYT?

> Obscure database password
> -------------------------
>
>                 Key: JBIDE-17973
>                 URL: https://issues.jboss.org/browse/JBIDE-17973
>             Project: Tools (JBoss Tools)
>          Issue Type: Feature Request
>          Components: openshift
>    Affects Versions: 4.2.0.Beta2
>            Reporter: Catherine Robson
>            Assignee: Max Rydahl Andersen
>            Priority: Minor
>              Labels: uxtest
>             Fix For: 4.3.x
>
>
> When creating an OpenShift application with a database cartridge, the database password is shown in clear text.  This password should be obscured.  
> It was noted that OpenShift does show clear text passwords in some locations, the difference here is that the user did not prompt for this information meaning we are displaying a password in clear text at a potential point where the user is not aware they need to be in a 'secure' environment.
> Reproduce steps:
> 1. Open new OpenShift Application wizard
> 2. Sign in & proceed to next screen
> 3. Choose application cartridge (JBoss EAP 6 for instance) & proceed to next screen
> 4. Add embedded cartridge for database (mySQL 5.5 for instance) & proceed to next screen
> 5. Click next on set up project screen
> 6. Click finish on next screen
> 7 -> ISSUE HERE.  Once app is created, pop-up is shown with mySQL database password shown in clear text.  Screenshot: https://www.evernote.com/shard/s230/sh/cd8123fb-a400-4699-ad08-bcbc06f7b5d5/5513a009f80cfb4099ba4dd0c5640212
> Expected:  Password on this pop-up should be obscured.



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

More information about the jbosstools-issues mailing list