Admin can view all passwords!

[GoogleCodeExporter]

Admin can view all passwords without permission!
This is very bad for us, because admin for this application cant be allowed to 
see sensitive passwords.
Nice function will be when admin cant see any password.

Original issue reported on code.google.com by petr.ho...@gmail.com on 28 Jul 2011 at 10:28

[GoogleCodeExporter]

That is by design, since admins most likely have access to the database 
directly and server side decryption keys, ability to add users to groups, and 
need a way to debug passwords with accidentally messed up permissions for 
users.  All events are logged in an audit trail.  However that being said, it 
is still a configurable option if you really want to turn it off.  Get rid of 
the "BYPASS_PASSWORD_PERMISSIONS" line in DefaultAuthorizer.java file and 
rebuild the project.   Note you may also want to remove 
"VIEW_REPORT_CurrentPasswordExport" authorization too.  Future versions are 
planned to have more fine grained roles and permissions, and/or push some of 
these common customizations into a config file rather than the source code.  
For major changes you can develop your own Authorizer plugin to override the 
default one, see the Developer's Guide for instructions to do that.

Original comment by joshdrum...@gmail.com on 4 Oct 2011 at 6:40

• Changed state: Invalid