Open HPI / Feature Requests / #697 Clear text authentication credentials is a security problem

#697 Clear text authentication credentials is a security problem

Milestone: 3.4.0

Status: closed-fixed

Owner: Anton Pak

Labels: OpenHPI Daemon (38)

Subsystem:

Priority: 6

Updated: 2013-10-21

Created: 2012-08-27

Creator: dr_mohan

Private: No

/etc/openhpi/openhpi.conf file has all the authentication credentials in clear text form. This is a security violation even though the file is not readable by others.
This file needs to be encrypted or a encrypted file needs to be referred by this file or the fields need to be encrypted or we need to provide a mechanism to create the encrypted passwords during install or editing config file etc.

Discussion

dr_mohan - 2013-10-21

status: open --> closed-fixed

Group: 3.3.x --> 3.4.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

dr_mohan - 2013-10-21

This was closed with checkin #7556. There are other bugs for the same problem #1759 and #1761

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Tariq Shureih - 2013-10-21

*ATTENTION**
This account is disabled and is no longer accessed by the recipient.
Please remove it from your address book.

Thanks

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Clear text authentication credentials is a security problem

Group

Searches

Help

#697 Clear text authentication credentials is a security problem

Discussion