Bug #8597
closed
When we use password 'plain' method, the password is always displayed in the directive
Description
In User Management technique, if we use the 'plain' method for password management, the clear text password is always displayed. We should have an option to at least obfucate it so that people with little rights won't see it
Updated by François ARMAND over 8 years ago
To make the need more clear: we need to specify what a user with READ ONLY rights on the directive can see.
It may make sens to only display "*******" for any password, be it plain or hash or whatever.
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.23 to 2.11.24
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 2.11.24 to 308
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 308 to 3.1.14
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.14 to 3.1.15
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.15 to 3.1.16
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.16 to 3.1.17
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.17 to 3.1.18
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.18 to 3.1.19
Updated by Benoît PECCATTE over 7 years ago
- Severity set to Minor - inconvenience | misleading | easy workaround
- User visibility set to Getting started - demo | first install | level 1 Techniques
- Priority set to 0
Updated by François ARMAND over 7 years ago
- Status changed from New to Rejected
In last version of the technique, we are not displaying the password unless if you check the option for that.
About the right: it does not seem correct to forbid people with READ ONLY rights to see the clear text password (think for example about an auditor who need to have access to that information). The correct behavior if it is a problem is to use hashed passwords.