[
https://issues.apache.org/jira/browse/NIFI-5001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16409491#comment-16409491
]
Matt Gilman commented on NIFI-5001:
-----------------------------------
Thanks for filing this JIRA. I wanted to comment here to reference a similar
effort [1] and it's PR [2]. In order to address these, we'll likely need to
introduce a password flag or something similar in the Property Descriptors.
Check out the discussion in the PR for the relevant details.
[1]https://issues.apache.org/jira/browse/NIFI-3439
[2]https://github.com/apache/nifi/pull/1546
> Passwords are visible while typing in(Possibility of shoulder attacks)
> ----------------------------------------------------------------------
>
> Key: NIFI-5001
> URL: https://issues.apache.org/jira/browse/NIFI-5001
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 1.5.0
> Reporter: Bhavishya Mathur
> Priority: Minor
> Labels: Nifi, browser, security, ui
> Attachments: Screenshot (157).png, Screenshot (158).png
>
>
> For all the processors and the controller services, the password field in the
> core UI is visible while we are entering the passwords. Thus, it opens an
> opportunity to shoulder attacks.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
