[
https://issues.apache.org/jira/browse/CONNECTORS-737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13693992#comment-13693992
]
Maciej Lizewski commented on CONNECTORS-737:
--------------------------------------------
sounds great! I know you have lots of other work to do before 1.3 so I
appreciate this. I think when there will be sample implementation - other
committers can help improving their connectors (at least I am going to do that
:) )
> passwords handling in Manifold
> ------------------------------
>
> Key: CONNECTORS-737
> URL: https://issues.apache.org/jira/browse/CONNECTORS-737
> Project: ManifoldCF
> Issue Type: Wish
> Components: Active Directory authority, GoogleDrive connector
> Affects Versions: ManifoldCF 1.2
> Reporter: Maciej Lizewski
> Assignee: Karl Wright
> Fix For: ManifoldCF 1.3
>
>
> Currently you can see stored passwords in HTML body of the page which is
> quite big security hole. We could rewrite it so that the field is presented
> with some predefined constant string, like "###########" (only to show the
> field with some entered text). Then in process*Post handlers we should check
> if someone entered anything different here and only in such case overwrite
> previously stored password. When posted value is equal to "###########" - we
> leave previous password in configuration intact.
> this applies to almost all connectors...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
