[jbosstools-issues] [JBoss JIRA] (JBIDE-17973) Obscure database password

Max Rydahl Andersen (JIRA) issues at jboss.org
Fri Jul 25 09:29:30 EDT 2014 

     [ https://issues.jboss.org/browse/JBIDE-17973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Max Rydahl Andersen updated JBIDE-17973:
----------------------------------------

    Fix Version/s: 4.3.x
         Priority: Minor  (was: Major)


The issue here is two fold:

A) The API does not actually in all cases tell us this is a password - thus can't know to obscure it. 

B) rhc does the exactly same - they show a message from the server to let the user know what things have been created.

Thinking about it what we could do is simply to put a stacked panel in this UI and tell the user "There are additional information with possible sensitive information. Please Click here to reveal when can be shown safely".

But for now since this is how both rhc and openshift webapp operates i'm reducing the priority on this.

> Obscure database password
> -------------------------
>
>                 Key: JBIDE-17973
>                 URL: https://issues.jboss.org/browse/JBIDE-17973
>             Project: Tools (JBoss Tools)
>          Issue Type: Feature Request
>          Components: openshift
>    Affects Versions: 4.2.0.Beta2
>            Reporter: Catherine Robson
>            Assignee: Max Rydahl Andersen
>            Priority: Minor
>              Labels: uxtest
>             Fix For: 4.3.x
>
>
> When creating an OpenShift application with a database cartridge, the database password is shown in clear text.  This password should be obscured.  
> It was noted that OpenShift does show clear text passwords in some locations, the difference here is that the user did not prompt for this information meaning we are displaying a password in clear text at a potential point where the user is not aware they need to be in a 'secure' environment.
> Reproduce steps:
> 1. Open new OpenShift Application wizard
> 2. Sign in & proceed to next screen
> 3. Choose application cartridge (JBoss EAP 6 for instance) & proceed to next screen
> 4. Add embedded cartridge for database (mySQL 5.5 for instance) & proceed to next screen
> 5. Click next on set up project screen
> 6. Click finish on next screen
> 7 -> ISSUE HERE.  Once app is created, pop-up is shown with mySQL database password shown in clear text.  Screenshot: https://www.evernote.com/shard/s230/sh/cd8123fb-a400-4699-ad08-bcbc06f7b5d5/5513a009f80cfb4099ba4dd0c5640212
> Expected:  Password on this pop-up should be obscured.



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

More information about the jbosstools-issues mailing list