openerp-india team mailing list archive

Thread
Date

[Bug 974472] Re: Users_Ldap shows admin password

To: openerp-india@xxxxxxxxxxxxxxxxxxx
From: "Turkesh Patel \(openERP\)" <974472@xxxxxxxxxxxxxxxxxx>
Date: Fri, 17 Aug 2012 05:33:22 -0000
Reply-to: Bug 974472 <974472@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Branch linked: lp:~openerp-dev/openobject-addons/trunk-bug-974472-tpa

--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/974472

Title:
Users_Ldap shows admin password

Status in OpenERP Addons (modules):
Fix Committed

Bug description:
By default after installing the addon in 6.1 it requests the admin
password in order to query the global catalog. The password is then
saved and shown in the clear any time someone views the configuration.
It should be possible to see the configuration without seeing the
password.

The password is also stored in plain text in the database! This is a
password that can query your AD/LDAP global catalog. It's very bad if
people were to get a hold of this password.

1) Steps to reproduce the issue you have observed

Install openerp 6.1 and install the users_ldap addon. Configure the
addon. Now visit that company's configuration tab, and inside will be
the ldap settings. Double clicking on those will show you a view that
includes the plain text password.

2) The result you observed
Seeing the password we previously entered.

3) The result you expected
Having the password be starred, or hidden, or not visible but editable through a dialogue.

4) The platform your are using
debian/ubunutu

5) The OpenERP version you are using (e.g. 5.0.15, 6.0-dev), if possible including the specific
6.1 alpha and 6.1 stable .deb packages confirmed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/974472/+subscriptions

References

[Bug 974472] [NEW] Users_Ldap shows admin password
From: Alan Alexander, 2012-04-05