[
https://issues.apache.org/jira/browse/CONNECTORS-737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13693960#comment-13693960
]
Maciej Lizewski commented on CONNECTORS-737:
--------------------------------------------
ok, so lets do like this: create canonical implementation and functionality
leaving current connectors as they are. New connectors and changes will be
encouraged to use this new mechanism. what do you think? we could even postpone
this issue to next realeases, but I would be glad not to see clear passwords :)
> passwords handling in Manifold
> ------------------------------
>
> Key: CONNECTORS-737
> URL: https://issues.apache.org/jira/browse/CONNECTORS-737
> Project: ManifoldCF
> Issue Type: Bug
> Reporter: Maciej Lizewski
>
> Currently you can see stored passwords in HTML body of the page which is
> quite big security hole. We could rewrite it so that the field is presented
> with some predefined constant string, like "###########" (only to show the
> field with some entered text). Then in process*Post handlers we should check
> if someone entered anything different here and only in such case overwrite
> previously stored password. When posted value is equal to "###########" - we
> leave previous password in configuration intact.
> this applies to almost all connectors...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
