-
Bug
-
Resolution: Workaround exists
-
Major
-
None
-
5.7
-
None
In Password field documentation we say:
The field saves a cryptographic Bcrypt hash of the password rather than the password itself.
This statement is not correct, at least not by default. The password field stores the password in the repository in plain text (unencrypted) by default. To reproduce, configure the field in any form and examine the result.
It's not clear what the user must do to enable the encryption. An encode property is listed in documentation but it doesn't seem to do anything. PasswordFieldDefinition has no such property.
Fix the default behavior or document how to enable encryption.
- is related to
-
DOCU-984 Update "Password field" page
- Closed
-
MGNLUI-5537 Create M6 UI PasswordField
- Closed