[jbosstools-issues] [JBoss JIRA] (JBIDE-17973) Obscure database password

Max Rydahl Andersen (JIRA) issues at jboss.org
Fri Jul 25 10:23:29 EDT 2014 

    [ https://issues.jboss.org/browse/JBIDE-17973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12988049#comment-12988049 ] 

Max Rydahl Andersen commented on JBIDE-17973:
---------------------------------------------

btw. if users uses "show environment variables" they will get context sensitive passwords dumped on the screen too.

> Obscure database password
> -------------------------
>
>                 Key: JBIDE-17973
>                 URL: https://issues.jboss.org/browse/JBIDE-17973
>             Project: Tools (JBoss Tools)
>          Issue Type: Feature Request
>          Components: openshift
>    Affects Versions: 4.2.0.Beta2
>            Reporter: Catherine Robson
>            Assignee: Max Rydahl Andersen
>            Priority: Minor
>              Labels: uxtest
>             Fix For: 4.3.x
>
>
> When creating an OpenShift application with a database cartridge, the database password is shown in clear text.  This password should be obscured.  
> It was noted that OpenShift does show clear text passwords in some locations, the difference here is that the user did not prompt for this information meaning we are displaying a password in clear text at a potential point where the user is not aware they need to be in a 'secure' environment.
> Reproduce steps:
> 1. Open new OpenShift Application wizard
> 2. Sign in & proceed to next screen
> 3. Choose application cartridge (JBoss EAP 6 for instance) & proceed to next screen
> 4. Add embedded cartridge for database (mySQL 5.5 for instance) & proceed to next screen
> 5. Click next on set up project screen
> 6. Click finish on next screen
> 7 -> ISSUE HERE.  Once app is created, pop-up is shown with mySQL database password shown in clear text.  Screenshot: https://www.evernote.com/shard/s230/sh/cd8123fb-a400-4699-ad08-bcbc06f7b5d5/5513a009f80cfb4099ba4dd0c5640212
> Expected:  Password on this pop-up should be obscured.



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

More information about the jbosstools-issues mailing list