this is exactly I was talking about :)
2013/6/27 Karl Wright (JIRA) <[email protected]> > > [ > https://issues.apache.org/jira/browse/CONNECTORS-737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13694824#comment-13694824] > > Karl Wright commented on CONNECTORS-737: > ---------------------------------------- > > r1497409 tries this out with the GoogleDrive connector. > > > > passwords handling in Manifold > > ------------------------------ > > > > Key: CONNECTORS-737 > > URL: > https://issues.apache.org/jira/browse/CONNECTORS-737 > > Project: ManifoldCF > > Issue Type: Wish > > Components: Active Directory authority, GoogleDrive connector > > Affects Versions: ManifoldCF 1.2 > > Reporter: Maciej Lizewski > > Assignee: Karl Wright > > Fix For: ManifoldCF 1.3 > > > > > > Currently you can see stored passwords in HTML body of the page which is > quite big security hole. We could rewrite it so that the field is presented > with some predefined constant string, like "###########" (only to show the > field with some entered text). Then in process*Post handlers we should > check if someone entered anything different here and only in such case > overwrite previously stored password. When posted value is equal to > "###########" - we leave previous password in configuration intact. > > this applies to almost all connectors... > > -- > This message is automatically generated by JIRA. > If you think it was sent incorrectly, please contact your JIRA > administrators > For more information on JIRA, see: http://www.atlassian.com/software/jira >
