mahara-contributors team mailing list archive

Thread
Date

[Bug 806417] Re: smtp password entered as plain text

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Wed, 06 Jul 2011 22:34:04 -0000
Reply-to: Bug 806417 <806417@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi Dan,

You're right, but the reality is that obfuscating the display of that
password wouldn't increase the security of Mahara given that we have to
store the password in plain text in the database.

So since we're not getting any real security out of hiding the contents
of this field, we chose to focus on usability and make it easy for the
admin to spot mistakes.

Note that you can always choose to put that password in your config.php
file instead of storing it in the database.

There is a similar issue with the LDAP password, see bug #611045.

Cheers,
Francois

** Changed in: mahara
   Importance: Undecided => Medium

** Changed in: mahara
       Status: New => Won't Fix

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/806417

Title:
  smtp password entered as plain text

Status in Mahara ePortfolio:
  Won't Fix

Bug description:
  In the setting screen when entering the password in the email settings
  it's entered as plain text. This should be a password field

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/806417/+subscriptions