weixin_39802969
2020-12-05 01:52

Password in cleartext at the end of installation

Hi,

At the end of installation, the config file to copy is displayed. With it, there is potentially the MySQL database password, in cleartext.

I think the user should be warned that the next page will display passwords in cleartext. Better, there should be more JavaScript on this part, in my opinion, to hide the config file and reveal it upon click or something like this.

Moreover, as the config file is not physically written to the server, and the user has to do it manually, why not move this full part to full JavaScript and avoid useless communications between client and server?

Thanks

This question comes from the open-source project: idno/known
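
The "hide the config file and reveal it upon click" idea from the post above, as an added example that is not part of the original issue or of Known's code: the INI text is built in the browser and shown with password-like values masked until the user asks to reveal them. The key names (`dbpass` and so on), the function names and the sample values are assumptions made for illustration.

```javascript
// Added example. Key names, function names and sample values are assumptions
// for illustration; they are not taken from Known's source.
const SECRET_KEY = /pass|secret|token/i;
const MASK = '"********"'; // fixed width, so the password length is not shown

// Build the INI text in the browser from the installer form values.
// Quotes and line breaks are rejected so a value cannot add extra INI lines.
function buildConfigIni(settings) {
  return Object.entries(settings).map(([key, value]) => {
    const text = String(value);
    if (/["\r\n]/.test(text)) {
      throw new Error(`Unsupported character in value for ${key}`);
    }
    return `${key} = "${text}"`;
  }).join('\n');
}

// Default display form: values of secret-looking keys are replaced by MASK.
function maskSecrets(iniText) {
  return iniText.split('\n').map((line) => {
    const m = line.match(/^(\s*([^=;#\s]+)\s*=\s*)(.*)$/);
    return m && SECRET_KEY.test(m[2]) ? m[1] + MASK : line;
  }).join('\n');
}

// View state: masked until the user explicitly reveals it. In a page, wire
// reveal() to a button click and write text() into an element's textContent.
function createConfigView(settings) {
  const full = buildConfigIni(settings);
  let revealed = false;
  return {
    reveal() { revealed = true; },
    hide() { revealed = false; },
    text() { return revealed ? full : maskSecrets(full); },
  };
}

// Constructed sample input.
const sample = createConfigView({
  database: 'MySQL', dbname: 'known', dbuser: 'known',
  dbpass: 'constructed-example-password', dbhost: 'localhost',
});
console.log(sample.text()); // dbpass line is masked
```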


4 answers

  • weixin_39930671 5 months ago

    The config.ini file is sometimes written to the server, when permissions are available. Very much take your point about JS though - perhaps it could be passed to the server only when necessary.

    In reply to Lucas Verney, Thu, Dec 18, 2014 at 3:09 PM, https://github.com/idno/idno/issues/636

    Ben Werdmuller, benwerd.com | werd.io

  • weixin_39802969 5 months ago

    My bad, I have very restricted permissions on my server, and missed the fact that it could be written by the server sometimes.

    For now, I'm a bit blocked in my "Known" exploration, as I have to run it in a subfolder and it seems that it's not easy to do for now, according to https://github.com/idno/idno/issues/382.

  • weixin_39930671 5 months ago

    Sorry about that. We're working on making that easier.

    In reply to Lucas Verney, Thu, Dec 18, 2014 at 3:30 PM, https://github.com/idno/idno/issues/636#issuecomment-67492745

  • weixin_39930671 5 months ago

    Subfolder installations are now possible.
