Secret Key shouldn't be shown to the admin user.

Ipstenu / dreamobjects

DreamObjects Backup Plugin for WordPress

10 stars 5 forks source link

Secret Key shouldn't be shown to the admin user. #1

Closed fzylogic closed 11 years ago

fzylogic commented 11 years ago

On the bucket configuration page, both the access key and the secret key are displayed to the admin user. At least the secret key should be hidden from view so that an exploited WP install can't lead to trivial deletion of all of the bucket's contents.

Ipstenu commented 11 years ago

Hmm. Given that it doesn't need to be shown at all, I think I'll just hide it. If you filled them in, they vanish :)

Jeremy Hanmer wrote:

On the bucket configuration page, both the access key and the secret key are displayed to the admin user. At least the secret key should be hidden from view so that an exploited WP install can't lead to trivial deletion of all of the bucket's contents.

— Reply to this email directly or view it on GitHub https://github.com/Ipstenu/dreamobjects/issues/1.

Ipstenu commented 11 years ago

Alrighty. New version will have it. if you want to DL the one here on GitHub, you'll find 2.3-beta and all sorts of yummy changes.