etf-validator / etf-webapp

:earth_africa: :mag: ETF is an open source testing framework for spatial data and services
https://www.etf-validator.net
European Union Public License 1.2

Username in TestRun log #215

Closed carlospzurita closed 4 years ago

carlospzurita commented 4 years ago

Description

On the execution of service ETS, if Basic HTTP authentication is used, the credentials appear on the TestRun log in plain text, under the keys 'username' and 'authUser'.

Log snippet with fake information

[image]

Operating systems and browser

Steps to Reproduce

  1. Select WMS TestSuite
  2. Select 'Credentials' and enter username and password
  3. Include service endpoint HTTP
  4. Start test run and monitor log
  5. In 'Project properties', look for keys 'username' and 'authUser'

Expected behavior: Credentials should be omitted from TestRun log

Actual behavior: Credentials appear in plain text

jonherrmann commented 4 years ago

> Credentials should be omitted from TestRun log

I only see the username without the password and by definition only a part of the credentials. So it is useless without the password. I don't see that this is a high-priority security issue, but you are welcome to implement a configuration option, so that the username is not shown.

carlospzurita commented 4 years ago

Yes, you are right, the password is not shown. However, we are going to include a configuration for this and modify the Test Driver to not log the username.
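
One way such a configuration option could work, as an added example that is not code from this thread or from the ETF project: the property map is copied for the log with the values of configured keys replaced, while the original map stays intact for the HTTP request. The class name, the option name `etf.testrun.log.omitKeys` and the marker text are hypothetical; only the keys 'username' and 'authUser' come from the issue.

```java
import java.util.*;

// Added example, not ETF code. Class and option names are hypothetical.
public class LogPropertyFilter {
    static final String OPTION = "etf.testrun.log.omitKeys"; // hypothetical option name
    static final String MARKER = "<omitted>";

    // Case-insensitive so that 'authUser' and 'AuthUser' are treated alike.
    private final Set<String> omitted = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);

    // Reads a comma-separated key list from the configuration; defaults to the
    // two keys named in this issue.
    LogPropertyFilter(Properties config) {
        String raw = config.getProperty(OPTION, "username,authUser");
        for (String key : raw.split(",")) {
            if (!key.trim().isEmpty()) omitted.add(key.trim());
        }
    }

    // Returns a copy that is safe to write to the TestRun log. The original map,
    // which the test driver still needs for the request, is left untouched.
    // Keys stay visible so the log still shows that credentials were supplied.
    Map<String, String> forLog(Map<String, String> projectProperties) {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : projectProperties.entrySet()) {
            out.put(e.getKey(), omitted.contains(e.getKey()) ? MARKER : e.getValue());
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample properties, not taken from a real test run.
        Map<String, String> props = new LinkedHashMap<>();
        props.put("serviceEndpoint", "http://example.org/wms");
        props.put("username", "alice");
        props.put("AuthUser", "alice");
        LogPropertyFilter filter = new LogPropertyFilter(new Properties());
        filter.forLog(props).forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```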