View Issue Details

IDProjectCategoryView StatusLast Update
09056Development [All Projects] Pluginspublic2019-06-12 18:31
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynormalSeverityminor 
Status assignedResolutionopen 
Product Version2.05 
Target VersionFixed in Version 
Summary09056: Security : Pulgin settings password is shown in HTML source
Description

If you have a password plugin, it shown in HTML source. Think we need to update only if not empty, and don't put in HTML

Steps To Reproduce

Activate https://gitorious.org/demo-limesurvey/examplesettings and update the password,
update the settings again and look at HTML source

Additional Information

Maybe we have to put it crypted in DB ? Then using password is more safe, but more complicated.

TagsNo tags attached.

Relationships

related to 12603 resolveddominikvitt Bug reports Setting emailsmtppassword is saved as clear text 

Activities

DenisChenu

DenisChenu

2014-06-17 14:42

developer   ~30130

autocomplete="off" not working anymore https://twitter.com/FxSiteCompat/status/477244922387763202 (IE11 too and chrome (not know the number))

Think an empty string can do the job.

Issue History

Date Modified Username Field Change
2014-05-27 10:43 DenisChenu New Issue
2014-06-17 14:42 DenisChenu Note Added: 30130
2017-08-23 12:47 DenisChenu Relationship added related to 12603
2019-06-12 18:31 DenisChenu Assigned To => DenisChenu
2019-06-12 18:31 DenisChenu Status new => assigned