  1. Magnolia UI
  2. MGNLUI-4182

Password field stores password in plain text


Details

    • Bug
    • Resolution: Workaround exists
    • Major
    • None
    • 5.7
    • forms
    • None
    • Yes

    Description

      In Password field documentation we say:

      The field saves a cryptographic Bcrypt hash of the password rather than the password itself.

      This statement is not correct, at least not by default. The password field stores the password in the repository in plain text (unencrypted) by default. To reproduce, configure the field in any form and examine the result.

      It's not clear what the user must do to enable the encryption. An encode property is listed in documentation but it doesn't seem to do anything. PasswordFieldDefinition has no such property.

      Fix the default behavior or document how to enable encryption.

              People

                Unassigned Unassigned
                ahietala Antti Hietala
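
The "examine the result" step from the description can be done as a format check over exported property values. The sketch below is an added example, not part of the original report and not Magnolia code. It assumes the stored values are available as a mapping of node path to properties, and that a correctly stored value uses the standard bcrypt modular crypt format; the node paths, the property name `password` and the cost floor are hypothetical.

```python
import re

# bcrypt modular crypt format: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")
MIN_COST = 10  # assumed policy floor for this example, not a Magnolia setting


def classify(value):
    """Classify one stored value as 'bcrypt', 'weak-bcrypt' or 'not-bcrypt'."""
    m = BCRYPT_RE.fullmatch(value)
    if m is None:
        return "not-bcrypt"
    cost = int(m.group(1))
    if not 4 <= cost <= 31:  # outside the cost range bcrypt accepts
        return "not-bcrypt"
    return "bcrypt" if cost >= MIN_COST else "weak-bcrypt"


def audit(nodes, password_props):
    """Return sorted (path, property, verdict) for password properties that fail the check."""
    findings = []
    for path, props in nodes.items():
        for name, value in props.items():
            if name in password_props:
                verdict = classify(str(value))
                if verdict != "bcrypt":
                    findings.append((path, name, verdict))
    return sorted(findings)


# Constructed sample export; paths, property names and values are made up.
FAKE_HASH = "$2a$12$" + "a" * 22 + "b" * 31  # format-valid placeholder, not a real hash
SAMPLE_NODES = {
    "/forms/signup/0001": {"email": "a@example.com", "password": "Summer2018!"},
    "/forms/signup/0002": {"email": "b@example.com", "password": FAKE_HASH},
    "/forms/signup/0003": {"email": "c@example.com", "password": FAKE_HASH.replace("$12$", "$05$")},
}

if __name__ == "__main__":
    # Findings report the location and verdict only, never the stored value.
    for path, name, verdict in audit(SAMPLE_NODES, {"password"}):
        print(f"{path} [{name}]: {verdict}")
```

A passing format check shows only that the value is not a raw string; it does not prove the hash was derived from the submitted password.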