View Issue Details

IDProjectCategoryView StatusLast Update
09056Development Pluginspublic2019-06-12 18:31
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynormalSeverityminor 
Status assignedResolutionopen 
Product Version2.05 
Summary09056: Security : Pulgin settings password is shown in HTML source
DescriptionIf you have a password plugin, it shown in HTML source. Think we need to update only if not empty, and don't put in HTML
Steps To ReproduceActivate https://gitorious.org/demo-limesurvey/examplesettings and update the password,
update the settings again and look at HTML source
Additional InformationMaybe we have to put it crypted in DB ? Then using password is more safe, but more complicated.
TagsNo tags attached.

Relationships

related to 12603 closeddominikvitt Bug reports Setting emailsmtppassword is saved as clear text 

Users monitoring this issue

User List Mazi

Activities

DenisChenu

DenisChenu

2014-06-17 14:42

developer   ~30130

autocomplete="off" not working anymore https://twitter.com/FxSiteCompat/status/477244922387763202 (IE11 too and chrome (not know the number))

Think an empty string can do the job.

Issue History

Date Modified Username Field Change
2014-05-27 10:43 DenisChenu New Issue
2014-06-17 14:42 DenisChenu Note Added: 30130
2017-08-23 12:47 DenisChenu Relationship added related to 12603
2019-03-12 16:24 Mazi Issue Monitored: Mazi
2019-06-12 18:31 DenisChenu Assigned To => DenisChenu
2019-06-12 18:31 DenisChenu Status new => assigned