#697 Clear text authentication credentials is a security problem

3.4.0
closed-fixed
6
2013-10-21
2012-08-27
dr_mohan
No

/etc/openhpi/openhpi.conf file has all the authentication credentials in clear text form. This is a security violation even though the file is not readable by others.
This file needs to be encrypted or a encrypted file needs to be referred by this file or the fields need to be encrypted or we need to provide a mechanism to create the encrypted passwords during install or editing config file etc.

Discussion

  • dr_mohan

    dr_mohan - 2013-10-21
    • status: open --> closed-fixed
    • Group: 3.3.x --> 3.4.0
     
  • dr_mohan

    dr_mohan - 2013-10-21

    This was closed with checkin #7556. There are other bugs for the same problem #1759 and #1761

     
  • Tariq Shureih

    Tariq Shureih - 2013-10-21

    *ATTENTION**
    This account is disabled and is no longer accessed by the recipient.
    Please remove it from your address book.

    Thanks

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks