[
https://issues.apache.org/jira/browse/CONNECTORS-737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Wright updated CONNECTORS-737:
-----------------------------------
Component/s: GoogleDrive connector
Active Directory authority
Affects Version/s: ManifoldCF 1.2
Fix Version/s: ManifoldCF 1.3
I am triaging it for 1.3, although I don't think all connectors will be done
then.
> passwords handling in Manifold
> ------------------------------
>
> Key: CONNECTORS-737
> URL: https://issues.apache.org/jira/browse/CONNECTORS-737
> Project: ManifoldCF
> Issue Type: Wish
> Components: Active Directory authority, GoogleDrive connector
> Affects Versions: ManifoldCF 1.2
> Reporter: Maciej Lizewski
> Assignee: Karl Wright
> Fix For: ManifoldCF 1.3
>
>
> Currently you can see stored passwords in HTML body of the page which is
> quite big security hole. We could rewrite it so that the field is presented
> with some predefined constant string, like "###########" (only to show the
> field with some entered text). Then in process*Post handlers we should check
> if someone entered anything different here and only in such case overwrite
> previously stored password. When posted value is equal to "###########" - we
> leave previous password in configuration intact.
> this applies to almost all connectors...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
