Snippets Groups Projects

Rework unhashed admin password visibility

When creating a new local admin user (/admin/user/add-admin-user.xhtml), you can only input Name and Password. Which saves the password without hashing.
And since an (master?)admin can see the password value of each admin user as part of the user details, by default all passwords are visible as plaintext.
Only when changing the password of an already existing account, you can choose a hash algorithm.

I suggest to not even enable unhashed passwords. And/Or the passwords should not be displayed in the GUI.

Designs

Child items ...

Activity

Pierre Wolff added suggestion label 1 month ago

added suggestion label
Pierre Wolff changed title from Unhashed admin password visibility to Rework unhashed admin password visibility 1 month ago

changed title from Unhashed admin password visibility to Rework unhashed admin password visibility
Haykuhi Musheghyan created branch feature/ISSUE-230_rework-unhashed-admin-password-visibility to address this issue 3 weeks ago

created branch feature/ISSUE-230_rework-unhashed-admin-password-visibility to address this issue
Haykuhi Musheghyan assigned to @haykuhi.musheghyan 3 weeks ago

assigned to @haykuhi.musheghyan
Haykuhi Musheghyan @haykuhi.musheghyan · 3 weeks ago

Maintainer

done!
Haykuhi Musheghyan mentioned in merge request !100 (merged) 3 weeks ago

mentioned in merge request !100 (merged)
Haykuhi Musheghyan mentioned in commit bec0bd97 3 weeks ago

mentioned in commit bec0bd97
Haykuhi Musheghyan closed with merge request !100 (merged) 3 weeks ago

closed with merge request !100 (merged)
Michael Simon changed milestone to %2.8.3 2 weeks ago

changed milestone to %2.8.3

Please register or sign in to reply

Due date

None

Health status

None

Confidentiality

Confidentiality controls have moved to the issue actions menu () at the top of the page.

0 Participants

Help | Imprint | Privacy policy | Accessibility | Contact