Project

General

Profile

Feature #10227

ACME: Do not show passwords

Added by Torben Hørup about 2 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
ACME
Target version:
-
Start date:
02/03/2020
Due date:
% Done:

100%

Estimated time:

Description

Those DNS validation methods that uses ordinary username/password for authentication (such as DNS-GratisDNS) should not expose the entered password, but instead only allow to overwrite the current.

History

#1 Updated by Jim Pingle about 2 months ago

  • Tracker changed from Bug to Feature
  • Category set to ACME
  • Assignee set to Jim Pingle

#2 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Fixed in ACME package version 0.6.5

As well as it can be in the current framework anyhow. Passwords and other sensitive fields are not shown in the list, and when editing, the fields are masked.

The user could still inspect the form element and see the value, but it would take a lot more to hide it deeper (like in the current standard pfSense password controls) since this does not use the functions from the framework which handle that feature.

This should be good enough, however. If you don't trust a user to see that data, they shouldn't have enough privileges to edit the certificate page.

#3 Updated by Torben Hørup about 1 month ago

It works nicely

#4 Updated by Jim Pingle about 1 month ago

  • Status changed from Feedback to Resolved

Thanks for testing!

Also available in: Atom PDF