search

flexiodata / flexio-web-app

Flex.io Web App
https://www.flex.io/app
MIT License
5 stars 2 forks source link

BUG: Permissions/Privacy: Connection tokens/credentials should be masked in when not being edited #539

Open wanderslth opened 5 years ago

wanderslth commented 5 years ago
  1. I'm permissioned as a user, poking around my team leaders page.
  2. Go to connections, keyring for crunchbase API:

keyring-xggt _ flexiodemo's team

  1. I discover that the API key pair is test:foo and can now take it and use it.

Suggest masking credentials (e.g., ********:********* for all connections, unless you're in 'Edit' mode. The other alternative is 'show/hide' toggle -- but you'd then need to make sure permissions were set up on that toggle. In the former, a 'user' is not permissioned with edit capabilities, so would by definition be unable to see these credentials and use them elsewhere.