Added by Viktor Gurov about 4 years ago. Updated almost 4 years ago.
100%
Description
config-sanitized.xml contains clear-text passwords:
<ldapbindpass> - squidguard LDAP DN Password (squidguard.xml)
<ldap_pass> - squid LDAP Password (squid_auth.xml)
Updated by Viktor Gurov about 4 years ago
This PR also removes double lighttpd_ls_password and sorts all values alphabetically:
https://gitlab.netgate.com/pfSense/pfSense/merge_requests/2
Updated by Jim Pingle about 4 years ago
See comments on the PR
Updated by Jim Pingle about 4 years ago
Updated by Viktor Gurov about 4 years ago
Updated by Renato Botelho about 4 years ago
PR has been merged. Thanks!
Updated by Viktor Gurov about 4 years ago
OK on 2.5.0.a.20200323.0902:
# grep "ldap.*pass" /cf/conf/config.xml
<ldap_pass>123456</ldap_pass>
<ldapbindpass>123</ldapbindpass>
# grep "ldap.*pass" config-sanitized.xml
<ldap_pass>xxxxx</ldap_pass>
<ldapbindpass>xxxxx</ldapbindpass>
Renato Botelho wrote:
PR has been merged. Thanks!
Updated by Jim Pingle about 4 years ago
Updated by Jim Pingle almost 4 years ago
Updated by Jim Pingle almost 4 years ago
Updated by Jim Pingle almost 4 years ago
Fields are in the list to sanitize.