Feature #10227
closed
ACME: Do not show passwords
Added by Torben Hørup almost 5 years ago.
Updated almost 5 years ago.
Description
Those DNS validation methods that uses ordinary username/password for authentication (such as DNS-GratisDNS) should not expose the entered password, but instead only allow to overwrite the current.
- Tracker changed from Bug to Feature
- Category set to ACME
- Assignee set to Jim Pingle
- Status changed from New to Feedback
- % Done changed from 0 to 100
Fixed in ACME package version 0.6.5
As well as it can be in the current framework anyhow. Passwords and other sensitive fields are not shown in the list, and when editing, the fields are masked.
The user could still inspect the form element and see the value, but it would take a lot more to hide it deeper (like in the current standard pfSense password controls) since this does not use the functions from the framework which handle that feature.
This should be good enough, however. If you don't trust a user to see that data, they shouldn't have enough privileges to edit the certificate page.
- Status changed from Feedback to Resolved
Also available in: Atom
PDF
Updated by 
Updated by