[jbosstools-issues] [JBoss JIRA] (JBIDE-17973) Obscure database password
Max Rydahl Andersen (JIRA)
issues at jboss.org
Fri Jul 25 10:23:29 EDT 2014
[ https://issues.jboss.org/browse/JBIDE-17973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12988049#comment-12988049 ]
Max Rydahl Andersen commented on JBIDE-17973:
---------------------------------------------
btw. if users uses "show environment variables" they will get context sensitive passwords dumped on the screen too.
> Obscure database password
> -------------------------
>
> Key: JBIDE-17973
> URL: https://issues.jboss.org/browse/JBIDE-17973
> Project: Tools (JBoss Tools)
> Issue Type: Feature Request
> Components: openshift
> Affects Versions: 4.2.0.Beta2
> Reporter: Catherine Robson
> Assignee: Max Rydahl Andersen
> Priority: Minor
> Labels: uxtest
> Fix For: 4.3.x
>
>
> When creating an OpenShift application with a database cartridge, the database password is shown in clear text. This password should be obscured.
> It was noted that OpenShift does show clear text passwords in some locations, the difference here is that the user did not prompt for this information meaning we are displaying a password in clear text at a potential point where the user is not aware they need to be in a 'secure' environment.
> Reproduce steps:
> 1. Open new OpenShift Application wizard
> 2. Sign in & proceed to next screen
> 3. Choose application cartridge (JBoss EAP 6 for instance) & proceed to next screen
> 4. Add embedded cartridge for database (mySQL 5.5 for instance) & proceed to next screen
> 5. Click next on set up project screen
> 6. Click finish on next screen
> 7 -> ISSUE HERE. Once app is created, pop-up is shown with mySQL database password shown in clear text. Screenshot: https://www.evernote.com/shard/s230/sh/cd8123fb-a400-4699-ad08-bcbc06f7b5d5/5513a009f80cfb4099ba4dd0c5640212
> Expected: Password on this pop-up should be obscured.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jbosstools-issues
mailing list