Uploaded image for project: 'Spring XD'
  1. Spring XD
  2. XD-1831

Mask Database Passwords in REST Controllers and Admin UI

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

Details

    • Improvement
    • Status: Done
    • Major
    • Resolution: Complete
    • M7
    • 1.0 RC1
    • UI

    Description

      When deploying a batch job, the UI displays the database password found in the server.yml in plain text to the user. At the very least, this should be displayed in a password field so it's masked out and have it masked out in the resulting definition at the bottom of the page. Ideally, we wouldn't provide the password on that page at all and only accept overriding options (if the user wants a password other than the configured one, enter it…otherwise, we'll use what we have).

      I'm finding that this occurs in other places as well. A full pass though of the UI should be done to mask out passwords (or eliminate their display all together).

      Attachments

        Issue Links

          Activity

            People

              hillert Gunnar Hillert
              mminella Michael Minella
              Archiver:
              tmarshall Trevor Marshall

              Dates

                Created:
                Updated:
                Resolved:
                Archived: