Frederisk
commented
1 year ago Currently this security issue can be mitigated by creating a low-privilege BotPassword. I'll learn about SecretStorage and fix that later.
Open artman41 opened 1 year ago
Frederisk
commented
1 year ago Currently this security issue can be mitigated by creating a low-privilege BotPassword. I'll learn about SecretStorage and fix that later.
Currently, when accessing a mediawiki site that requires credentials, the extension will fail if no username/password is defined in config.
Defining the username/password in config however leaves it in plaintext and creates a security risk.
What should happen is that, upon accessing a mediawiki site that requires credentials, a popup should appear requesting the username & password (with the password not being rendered in plaintext). This user/pass combination should not be saved to disk.