Open tankerkiller125 opened 3 years ago
Are we referring to the fact it's visible as in plain text, or visible as in the fact that any admin can retrieve it? Many credentials could be vulnerable to over-the-shoulder surfing in the admin, including API keys in Pusher and others. If the password never needs to be retrieved again, hiding it completely from the payload (or redacting part of it) could also be an option, so a compromised admin account doesn't let you copy all the credentials.
For reference, my OverrideSettings extender in https://github.com/clarkwinkelmann/flarum-local-extenders#override-settings has an option to hide a setting value from the admin. It means a new value can still be saved, but nobody can retrieve it. It's intended to be used together with hiding the corresponding fields with CSS, but a better styling could show those fields have a value without actually loading the value. Like [Empty for unchanged]
Right now this refers to the password box being in plain text. I personally wouldn't be opposed to creating an "encrypted" setting type for things like this in the future though. Maybe something to discuss in a different issue later.
Couldn't we just use type="password"?
Yes we can just use the password type and that's what we should be doing.
That would be great indeed, just faced the situation when testing Flarum where we would be multiple admins, but I don't want them to be able to see my SMTP server credentials 😉.
I wonder if we should just remove it from the payload and not have it returned... that way it can be set but not read by anyone (a few other mail settings in other software do this).
Edit: I am blind and this is literally what Clark said in the first comment. Replied this because other admins would still be able to see credentials.
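The set-but-not-read pattern from the first comment (and the payload-removal idea above), as an added example that is not Flarum's or the OverrideSettings extender's code. The setting key mail_password, the marker string and the function names are assumptions for illustration.

```javascript
// Added example (not Flarum's or the extender's code): secret settings such as
// an SMTP password can be written through the admin API but are never sent
// back to the browser. The payload only carries a marker saying a value exists,
// and saving that marker unchanged leaves the stored secret untouched.

const SECRET_KEYS = new Set(['mail_password']); // assumed setting key
const UNCHANGED = '[Empty for unchanged]';      // marker shown in the field

// Build the settings payload for the admin frontend: every secret key is
// replaced by the marker (or '' when nothing is stored), so a compromised or
// shoulder-surfed admin session cannot read the actual credential.
function toAdminPayload(stored) {
  const payload = {};
  for (const [key, value] of Object.entries(stored)) {
    payload[key] = SECRET_KEYS.has(key) ? (value ? UNCHANGED : '') : value;
  }
  return payload;
}

// Apply a submitted settings form. A secret key that still holds the marker,
// or was not submitted at all, keeps its stored value; anything else
// overwrites it. The secret is therefore settable but never retrievable.
function applyUpdate(stored, submitted) {
  const next = { ...stored };
  for (const [key, value] of Object.entries(submitted)) {
    if (SECRET_KEYS.has(key) && (value === UNCHANGED || value === undefined)) {
      continue; // admin did not change the secret, keep what is stored
    }
    next[key] = value;
  }
  return next;
}

// Input attributes for the admin form: secret fields render as password
// inputs (the fix this issue asks for) so the value is masked on screen.
function inputAttrs(key) {
  return SECRET_KEYS.has(key)
    ? { type: 'password', autocomplete: 'new-password' }
    : { type: 'text' };
}

// Constructed sample settings, not real credentials.
const sampleStored = { mail_host: 'smtp.example.test', mail_password: 'hunter2' };
console.log(toAdminPayload(sampleStored)); // mail_password is the marker, not 'hunter2'
```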
Bug Report
Current Behavior: Currently the SMTP password is shown in plaintext.
Steps to Reproduce: View the SMTP password field.
Expected Behavior: Password should be hidden with the correct password type.
Environment:
Possible Solution: Change the password field type to be password.