jean louis abegg created GUACAMOLE-1162:
-------------------------------------------
Summary: security in guacamole_user_attribute
Key: GUACAMOLE-1162
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1162
Project: Guacamole
Issue Type: Improvement
Components: guacamole-auth-jdbc-mysql
Affects Versions: 1.2.0
Environment: any
Reporter: jean louis abegg
Hello,
I've backuped a guacamole install 1.2.0 and sniffed in the .sql file.
In the table guacamole_user_attribute, i've seen clear password in it.
A suggestion would be to encrypt the parameter_value when parameter_name is
equal to "password"
Unless i'ts already done in 1.3.0?
Thank you for your hard work.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
