goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0
23.61k stars, 4.72k forks

Clear Text Password #20480

Open harrezzebra opened 3 months ago

harrezzebra commented 3 months ago

Harbor should support hashed passwords, such as those output by `openssl passwd`, instead of clear text.

stonezdj commented 3 months ago

Can you please detail the requirement?

harrezzebra commented 3 months ago

One of our ISSPs recommends that plain text passwords should not be visible when intercepting with Burp Suite. The login password must be hashed before it is handed over to TLS/SSL for client-server communication.

stonezdj commented 3 months ago

The password is sent over TLS; we consider that safe for communication. Please share the link to the ISSP recommendation.

zyyw commented 3 months ago

Is the statement "login password must be hashed before it's being handed over to TLS/SSL for client server communication" defined in any spec/regulation?
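The thread conflates two different things: hashing the password at rest on the server (what `openssl passwd` produces) and pre-hashing it on the client before TLS. The following is an added illustration, not Harbor's code, and it does not use the crypt(3) `$6$...` format that `openssl passwd -6` emits; the storage string format, the `demo` function and the sample password are constructed for this example. It shows a server-side salted PBKDF2 store with constant-time verification, and then shows why a client-side pre-hash does not remove the need for TLS: the server has to accept the pre-hash as the secret, so a captured pre-hash authenticates exactly like a captured password.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed storage format: "pbkdf2_sha256$<iterations>$<salt-hex>$<hash-hex>".
# Illustrative only; not the crypt(3) format produced by `openssl passwd`.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a salted, iterated hash suitable for storing at rest on the server."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per stored credential
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False  # malformed record; never treat it as a match
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


# --- Server-side hashing: the client sends the password itself, protected by TLS. ---

def server_login_plain(user_db: Dict[str, str], username: str, password: str) -> bool:
    """Server receives the plaintext over TLS and checks it against the stored hash."""
    stored = user_db.get(username)
    return stored is not None and verify_password(stored, password)


# --- Client-side pre-hashing: the client sends H(password) instead of the password. ---

def client_prehash(password: str) -> str:
    """Unsalted SHA-256 a client would apply before the value reaches TLS (hypothetical scheme)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def server_login_prehashed(user_db: Dict[str, str], username: str, prehash: str) -> bool:
    """The server can only treat the pre-hash as the secret, so it is verified like a password."""
    stored = user_db.get(username)
    return stored is not None and verify_password(stored, prehash)


def demo() -> Dict[str, bool]:
    """Run both schemes on a constructed account and report the outcomes."""
    pw = "correct horse battery staple"  # constructed sample password
    db_plain = {"alice": hash_password(pw)}
    db_prehashed = {"alice": hash_password(client_prehash(pw))}
    # What an interceptor would observe on the wire without TLS under each scheme:
    observed_plain = pw
    observed_prehash = client_prehash(pw)
    return {
        "plain_ok": server_login_plain(db_plain, "alice", pw),
        "plain_wrong": server_login_plain(db_plain, "alice", "wrong"),
        "prehash_ok": server_login_prehashed(db_prehashed, "alice", client_prehash(pw)),
        # Either observed value is sufficient to log in, so pre-hashing does not replace TLS.
        "observed_plain_authenticates": server_login_plain(db_plain, "alice", observed_plain),
        "observed_prehash_authenticates": server_login_prehashed(db_prehashed, "alice", observed_prehash),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point for a defender: hashing at rest (salted, iterated, constant-time compare) limits the damage of a database leak, while confidentiality on the wire comes from TLS. A client-side pre-hash only changes which string is the secret; it is still a bearer credential in transit, and the at-rest protection above is still required on the server for that pre-hash.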