Todo #10349

closed

status.php: Sanitize ldapbindpass and ldap_pass

Added by Viktor Gurov about 2 years ago. Updated about 2 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Diagnostics
Target version:
Start date: 03/16/2020
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:

Description

config-sanitized.xml contains clear-text passwords:
<ldapbindpass> - squidguard LDAP DN Password (squidguard.xml)
<ldap_pass> - squid LDAP Password (squid_auth.xml)

Actions #1

Updated by Viktor Gurov about 2 years ago

This PR also removes double lighttpd_ls_password and sorts all values alphabetically:
https://gitlab.netgate.com/pfSense/pfSense/merge_requests/2

Actions #2

Updated by Jim Pingle about 2 years ago

  • Status changed from New to Pull Request Review

See comments on the PR

Actions #3

Updated by Jim Pingle about 2 years ago

  • Tracker changed from Bug to Todo
  • Project changed from pfSense Packages to pfSense
  • Category changed from Squid to Diagnostics
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0

Actions #5

Updated by Renato Botelho about 2 years ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #6

Updated by Viktor Gurov about 2 years ago

OK on 2.5.0.a.20200323.0902:

# grep "ldap.*pass" /cf/conf/config.xml
                <ldap_pass>123456</ldap_pass>
                <ldapbindpass>123</ldapbindpass>
# grep "ldap.*pass" config-sanitized.xml 
                <ldap_pass>xxxxx</ldap_pass>
                <ldapbindpass>xxxxx</ldapbindpass>

Renato Botelho wrote:

PR has been merged. Thanks!

Actions #7

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved

Actions #8

Updated by Jim Pingle about 2 years ago

  • Private changed from Yes to No

Actions #9

Updated by Jim Pingle about 2 years ago

  • Status changed from Resolved to Feedback
  • Target version changed from 2.5.0 to 2.4.5-p1

Actions #10

Updated by Jim Pingle about 2 years ago

  • Subject changed from Sanitize ldapbindpass and ldap_pass to status.php: Sanitize ldapbindpass and ldap_pass

Actions #11

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved

Fields are in the list to sanitize.
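
Added example, not pfSense code and not part of the ticket: tag-list redaction followed by an audit pass that flags credential-looking elements the list does not cover, the kind of gap this ticket closed by adding the two LDAP fields to the list. The sample XML, the `SUSPECT` name heuristic, and the `api_secret` and `passthrough` tags are constructed assumptions.

```python
import re

# Constructed sample; the two LDAP tags and their values mirror the grep output above.
SAMPLE = """\
<pfsense>
  <squid><ldap_pass>123456</ldap_pass></squid>
  <squidguard><ldapbindpass>123</ldapbindpass></squidguard>
  <system><bcrypt-hash>xxxxx</bcrypt-hash><hostname>fw1</hostname></system>
  <pkg><api_secret>s3cr3t</api_secret><passthrough>on</passthrough></pkg>
</pfsense>
"""

PLACEHOLDER = "xxxxx"
# Assumed list for this example: only the two tag names named in the ticket.
SANITIZE_TAGS = ["ldap_pass", "ldapbindpass"]
# Heuristic (assumption): substrings of tag names that usually hold credentials.
SUSPECT = re.compile(r"pass|secret|key|hash|community", re.I)
# A leaf element: <tag>text</tag> with no child elements inside.
LEAF = re.compile(r"<([A-Za-z_][\w.-]*)>([^<]*)</\1>")


def sanitize(xml, tags=SANITIZE_TAGS):
    """Replace the text of every listed tag with the placeholder."""
    for tag in tags:
        t = re.escape(tag)
        xml = re.sub(rf"<{t}>.*?</{t}>", f"<{tag}>{PLACEHOLDER}</{tag}>",
                     xml, flags=re.S)
    return xml


def audit(xml):
    """Return (tag, value) for suspect leaf elements still holding a real value."""
    return [(tag, val) for tag, val in LEAF.findall(xml)
            if SUSPECT.search(tag) and val.strip() not in ("", PLACEHOLDER)]


if __name__ == "__main__":
    clean = sanitize(SAMPLE)
    # Report the tag and value length only, never the value itself.
    for tag, val in audit(clean):
        print(f"review before sharing: <{tag}> ({len(val)} chars)")
```

The audit output is a review list, not a verdict: `passthrough` is flagged only because its name contains "pass", while `api_secret` is a real miss that belongs in the list.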
