Actions
Todo #10349
closedstatus.php: Sanitize ldapbindpass and ldap_pass
Start date:
03/16/2020
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Description
config-sanitized.xml contains clear-text passwords:
<ldapbindpass> - squidguard LDAP DN Password (squidguard.xml)
<ldap_pass> - squid LDAP Password (squid_auth.xml)
Updated by Viktor Gurov almost 5 years ago
This PR also removes double lighttpd_ls_password and sorts all values alphabetically:
https://gitlab.netgate.com/pfSense/pfSense/merge_requests/2
Updated by Jim Pingle almost 5 years ago
- Status changed from New to Pull Request Review
See comments on the PR
Updated by Jim Pingle almost 5 years ago
- Tracker changed from Bug to Todo
- Project changed from pfSense Packages to pfSense
- Category changed from Squid to Diagnostics
- Assignee set to Jim Pingle
- Target version set to 2.5.0
Updated by Viktor Gurov almost 5 years ago
Updated by Renato Botelho almost 5 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Viktor Gurov over 4 years ago
OK on 2.5.0.a.20200323.0902:
# grep "ldap.*pass" /cf/conf/config.xml <ldap_pass>123456</ldap_pass> <ldapbindpass>123</ldapbindpass> # grep "ldap.*pass" config-sanitized.xml <ldap_pass>xxxxx</ldap_pass> <ldapbindpass>xxxxx</ldapbindpass>
Renato Botelho wrote:
PR has been merged. Thanks!
Updated by Jim Pingle over 4 years ago
- Status changed from Resolved to Feedback
- Target version changed from 2.5.0 to 2.4.5-p1
Updated by Jim Pingle over 4 years ago
- Subject changed from Sanitize ldapbindpass and ldap_pass to status.php: Sanitize ldapbindpass and ldap_pass
Updated by Jim Pingle over 4 years ago
- Status changed from Feedback to Resolved
Fields are in the list to sanitize.
Actions