Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Remove display of passwords and authentication tokens in settings

Description

If possible, it would be preferable not to display passwords or authentication tokens in:

  • Settings > LDP > Database configuration > Password

  • Settings > LDP > Saved queries configuration > OAuth token for access to repository

If a password text field component is available, that may provide a good interface.  Otherwise, leaving the field blank might be best.

Environment

None

Potential Workaround

None

Checklist

hide

TestRail: Results

Activity

Show:

Mike Taylor July 6, 2022 at 11:10 AM

Mike Taylor April 4, 2022 at 3:36 PM

I think there is almost nothing to be done on the client side, then: once MODLDP-25 is done, the actual functionality will be complete. At that point, all I will do in ui-ldp is modify the wording in the relevant settings page to explain what's going on, and put in field placeholders that say "[Hidden]".

Nassib Nassar February 18, 2022 at 7:36 PM

Mike Taylor February 18, 2022 at 10:21 AM

Well, I can do this. But it's not going to provide and protection against someone who knows how to open the Dev Tools in their browser and look at the network responses. I wonder if this is security theatre and will give a misleadingly reassuring image of being safe?

Done

Details

Assignee

Reporter

Labels

Priority

Development Team

Thor

Fix versions

Release

Morning Glory (R2 2022)

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created February 18, 2022 at 3:57 AM
Updated February 14, 2023 at 10:13 AM
Resolved July 6, 2022 at 11:10 AM
Configure
TestRail: Cases
TestRail: Runs

Flag notifications