View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
| --- | --- | --- | --- | --- | --- |
| 10987 | Feature requests | Plugins | public | 2016-04-19 19:37 | 2019-06-12 18:30 |
Summary: 10987: Plugin settings of type "password" are stored in plain text

Description:
We are designing a plugin that has a setting of type 'password'. This (undocumented) setting type presents an input field with type="password", effectively masking the password to the user that types it in; this is expected, usual behaviour.
However, the input is stored directly in the database, in plain text, without any type of encoding. This may present a security risk.

Additional Information:
Food for thought: Where does the responsibility of encoding and decoding password settings lie? With the plugin developer, or with the LimeSurvey application that provides this setting type to begin with?

Tags: No tags attached.
Remark 1: LS core already saves the SMTP password in clear text in the DB.
Remark 2: The plugin password is shown in the HTML flow: this is the bug, not saving it in the DB.
Remark 3: Plugins are allowed to extend getPluginSettings and saveSettings.
Then YOUR plugin can encrypt the password the way the plugin wants, not the way core wants.
Think it's more a feature request.
Note: There is no truly secure way of storing the password.
However, we can apply encryption to protect against a DB-only breach.
1. We have an encryption password (something that is unique for each installation and not stored in the database).
2. We encrypt the password using that encryption key before storing it.
3. We decrypt the password upon fetching it.
- The plugin developer can choose whether or not to serve the saved (decrypted) password as a default / current value; that is not up to us.
- In case both the filesystem and the database are breached, this offers no protection.
- We can't use hashing here since the password needs to be available in cleartext for use by the plugin.
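The three steps above, worked through in PHP as an added example (this is not LimeSurvey code and not code from anyone in this thread). The key is generated once with libsodium and kept in a file outside the database; a setting is sealed with an authenticated cipher before it is written and opened on fetch. The key file path, the `enc:` storage prefix, and the in-memory array standing in for the settings table are assumptions; a plugin would call `seal()` from its `saveSettings` override and `open()` from its `getPluginSettings` override (the method names come from Remark 3 above, their exact signatures are not shown on this page). Requires PHP 7.4+ with the bundled sodium extension.

```php
<?php
// Added example, not LimeSurvey code: protect a "password" plugin setting
// against a database-only breach. The key never enters the DB; if both the
// filesystem and the DB are taken, this gives no protection (as noted above).

final class PasswordSettingCrypto
{
    private const PREFIX = 'enc:';   // assumed marker for sealed values
    private string $key;

    // Step 1: per-installation key kept on the filesystem (assumed path).
    // Created once with random bytes, owner-readable only.
    public function __construct(string $keyFile)
    {
        if (!is_file($keyFile)) {
            $raw = sodium_crypto_secretbox_keygen();            // 32 random bytes
            if (file_put_contents($keyFile, $raw, LOCK_EX) === false) {
                throw new RuntimeException("cannot write key file $keyFile");
            }
            chmod($keyFile, 0600);
        }
        $raw = (string) file_get_contents($keyFile);
        if (strlen($raw) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new RuntimeException('key file has unexpected length');
        }
        $this->key = $raw;
    }

    // Step 2: seal before storing. Stored form is "enc:" + base64(nonce || box).
    // A fresh random nonce per call keeps identical passwords from producing
    // identical ciphertext in the table.
    public function seal(string $plain): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);   // 24 bytes
        $box   = sodium_crypto_secretbox($plain, $nonce, $this->key);
        return self::PREFIX . base64_encode($nonce . $box);
    }

    // Step 3: open on fetch. Returns null for values that are not sealed
    // (legacy plain-text rows) or that fail authentication (wrong key,
    // tampered ciphertext) instead of handing garbage to the plugin.
    public function open(string $stored): ?string
    {
        if (strncmp($stored, self::PREFIX, strlen(self::PREFIX)) !== 0) {
            return null;
        }
        $blob = base64_decode(substr($stored, strlen(self::PREFIX)), true);
        $min  = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if ($blob === false || strlen($blob) < $min) {
            return null;
        }
        $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        return $plain === false ? null : $plain;
    }
}

// Demo: an array stands in for the plugin settings table (constructed data).
$crypto = new PasswordSettingCrypto(sys_get_temp_dir() . '/plugin-setting.key'); // assumed location
$db = [];
$db['smtp_password'] = $crypto->seal('correct horse battery staple');
echo "stored : {$db['smtp_password']}\n";                    // what a DB dump would reveal
echo "fetched: " . $crypto->open($db['smtp_password']) . "\n"; // cleartext for the plugin

// Flipping one character inside the stored nonce breaks authentication: null, not garbage.
$tampered = $db['smtp_password'];
$i = strlen('enc:') + 5;
$tampered[$i] = $tampered[$i] === 'A' ? 'B' : 'A';
var_dump($crypto->open($tampered)); // NULL

// A legacy plain-text row is recognised as unsealed and also yields null,
// so a migration can distinguish old rows from sealed ones by the prefix.
var_dump($crypto->open('hunter2')); // NULL
```

The secretbox construction authenticates the ciphertext, so the plugin never receives a silently corrupted password; the key file is the single secret that must stay out of the database and out of backups that travel with it.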
Moved to feature, and the question is:
- Must LS encrypt the password of plugins by default or not?
I think I'll add an option encrypt=>true/false :)
And then add the default behaviour for saving :)
| Date | User | Field | Change |
| --- | --- | --- | --- |
| 2016-04-19 19:37 | akeyser | New Issue | |
| 2016-04-20 11:32 | ollehar | Assigned To | => DenisChenu |
| 2016-04-20 11:32 | ollehar | Status | new => assigned |
| 2016-04-20 11:39 | DenisChenu | Note Added: 37585 | |
| 2016-04-20 11:43 | sammousa | Note Added: 37586 | |
| 2016-04-20 14:15 | DenisChenu | Assigned To | DenisChenu => |
| 2016-04-20 14:16 | DenisChenu | Project | Bug reports => Feature requests |
| 2016-04-20 14:16 | DenisChenu | Status | assigned => new |
| 2016-04-20 14:16 | DenisChenu | Severity | @60@ => feature |
| 2016-04-20 14:16 | DenisChenu | Product Version | 2.5 => |
| 2016-04-20 14:17 | DenisChenu | Note Added: 37605 | |
| 2017-08-23 12:47 | DenisChenu | Relationship added | related to 12603 |
| 2019-03-12 16:23 | Mazi | Issue Monitored: Mazi | |
| 2019-06-12 18:30 | DenisChenu | Assigned To | => DenisChenu |
| 2019-06-12 18:30 | DenisChenu | Status | new => assigned |
| 2019-06-12 18:30 | DenisChenu | Note Added: 52382 | |