LDAP Manager password in cleartext...

OJS development discussion, enhancement requests, third-party patches and plug-ins.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.
Posts: 112
Joined: Mon Jun 25, 2007 1:23 pm
Location: British Columbia, Canada

LDAP Manager password in cleartext...

Postby spatialguru » Wed Aug 08, 2007 11:12 am

In the LDAP authentication sources set up for LDAP, it shows the saved Manager password in cleartext on the form. Wouldn't it be a good idea to not show it at all? The one editing the form should know it already, but to prevent trouble I'd prefer to know that no one will ever see the password again.

Similarly when typing in the password there, can it also be hidden or shown as * instead?

Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

Re: LDAP Manager password in cleartext...

Postby asmecher » Wed Aug 08, 2007 2:17 pm

Hi spatialguru,

Agreed -- passwords should never be echoed back to the browser. This isn't a high priority fix for us, as the LDAP configuration form is not a regularly-used page, but I've created a Bugzilla entry for a future release; see http://pkp.sfu.ca/bugzilla/show_bug.cgi?id=2971.

Alec Smecher
Public Knowledge Project Team

Return to “OJS Development”

Who is online

Users browsing this forum: No registered users and 1 guest