[jbosstools-issues] [JBoss JIRA] (JBIDE-17973) Obscure database password
Burr Sutter (JIRA)
issues at jboss.org
Mon Jul 28 15:29:29 EDT 2014
[ https://issues.jboss.org/browse/JBIDE-17973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12988453#comment-12988453 ]
Burr Sutter commented on JBIDE-17973:
-------------------------------------
The password in clear text is how the OpenShift web UI handles this as well
http://screencast.com/t/bAhRaXbrJr
I would consider our attempts to obscure the password to be a usability problem - JBDS would be out of sync with the other developer experiences (web and command line). AND having that password is actually very important - if the end-user fails to see it and write it down - then they may have to re-create the app.
> Obscure database password
> -------------------------
>
> Key: JBIDE-17973
> URL: https://issues.jboss.org/browse/JBIDE-17973
> Project: Tools (JBoss Tools)
> Issue Type: Feature Request
> Components: openshift
> Affects Versions: 4.2.0.Beta2
> Reporter: Catherine Robson
> Assignee: Max Rydahl Andersen
> Priority: Minor
> Labels: uxtest
> Fix For: 4.3.x
>
>
> When creating an OpenShift application with a database cartridge, the database password is shown in clear text. This password should be obscured.
> It was noted that OpenShift does show clear text passwords in some locations, the difference here is that the user did not prompt for this information meaning we are displaying a password in clear text at a potential point where the user is not aware they need to be in a 'secure' environment.
> Reproduce steps:
> 1. Open new OpenShift Application wizard
> 2. Sign in & proceed to next screen
> 3. Choose application cartridge (JBoss EAP 6 for instance) & proceed to next screen
> 4. Add embedded cartridge for database (mySQL 5.5 for instance) & proceed to next screen
> 5. Click next on set up project screen
> 6. Click finish on next screen
> 7 -> ISSUE HERE. Once app is created, pop-up is shown with mySQL database password shown in clear text. Screenshot: https://www.evernote.com/shard/s230/sh/cd8123fb-a400-4699-ad08-bcbc06f7b5d5/5513a009f80cfb4099ba4dd0c5640212
> Expected: Password on this pop-up should be obscured.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jbosstools-issues
mailing list