Uploaded image for project: 'Spring XD'
  1. Spring XD
  2. XD-1831

Mask Database Passwords in REST Controllers and Admin UI

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: M7
    • Fix Version/s: 1.0 RC1
    • Component/s: UI
    • Labels:

      Description

      When deploying a batch job, the UI displays the database password found in the server.yml in plain text to the user. At the very least, this should be displayed in a password field so it's masked out and have it masked out in the resulting definition at the bottom of the page. Ideally, we wouldn't provide the password on that page at all and only accept overriding options (if the user wants a password other than the configured one, enter it…otherwise, we'll use what we have).

      I'm finding that this occurs in other places as well. A full pass though of the UI should be done to mask out passwords (or eliminate their display all together).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hillert Gunnar Hillert
              Reporter:
              mminella Michael Minella
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: