Feature #10227
closed
ACME: Do not show passwords
100%
Description
Those DNS validation methods that use ordinary username/password for authentication (such as DNS-GratisDNS) should not expose the entered password, but instead only allow overwriting the current one.
Updated by Jim Pingle almost 5 years ago
- Tracker changed from Bug to Feature
- Category set to ACME
- Assignee set to Jim Pingle
Updated by Jim Pingle almost 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Fixed in ACME package version 0.6.5
As well as it can be in the current framework anyhow. Passwords and other sensitive fields are not shown in the list, and when editing, the fields are masked.
The user could still inspect the form element and see the value, but it would take a lot more to hide it deeper (like in the current standard pfSense password controls) since this does not use the functions from the framework which handle that feature.
This should be good enough, however. If you don't trust a user to see that data, they shouldn't have enough privileges to edit the certificate page.
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to Resolved
Thanks for testing!