flarum / issue-archive

0 stars 0 forks source link

Change SMTP Password Type #88

Open tankerkiller125 opened 3 years ago

tankerkiller125 commented 3 years ago

Bug Report

Current Behavior Currently the SMTP password is shown in plaintext

Steps to Reproduce View the SMTP password field

Expected Behavior Password should be hidden with the correct password type

Environment

Possible Solution

Change the password field type to be password.

clarkwinkelmann commented 3 years ago

Are we referring to the fact it's visible as in plain text or visible as in the fact any admin can retrieve it? Many credentials could be vulnerable to over the shoulder surfing in the admin including API keys in pusher and other. If the password never needs to be retrieved again, hiding it completely from the payload (or redacting part of it) could also be an option so a compromised admin account doesn't let you copy all the credentials.

For reference my OverrideSettings extender in https://github.com/clarkwinkelmann/flarum-local-extenders#override-settings has an option to hide a setting value from the admin. It means a new value can still be saved, but nobody can retrieve it. It's intended to be used together with hiding the corresponding fields with CSS, but a better styling could show those fields have a value without actually loading the value. Like [Empty for unchanged]

tankerkiller125 commented 3 years ago

Right now this referees to the the password box being in plain-text, I personally wouldn't be apposed to creating an "encrypted" setting type that for things like this in the future though. Maybe something to discuss in a different issue later.

askvortsov1 commented 3 years ago

Couldn't we just use type="password"?

tankerkiller125 commented 2 years ago

Yes we can just use the password type and that's what we should be doing.

MichaIng commented 2 years ago

That would be great indeed, just faced the situation when testing Flarum where we would be multiple admins, but I don't want them to be able to see my SMTP server credentials 😉.

dsevillamartin commented 2 years ago

I wonder if we should just remove it from the payload and not have it returned... that way it can be set but not read by anyone (a few other mail settings in other software do this).

Edit: I am blind and this is literally what Clark said in the first comment. Replied this because other admins would still be able to see credentials.