maxfischer2781 / indico_sixpay

Indico EPayment Sub-Plugin to use SixPay services
GNU General Public License v3.0

Remove hardcoded password #8

Closed ThiefMaster closed 5 years ago

ThiefMaster commented 5 years ago

https://github.com/maxfischer2781/indico_sixpay/blob/master/indico_sixpay/request_handlers.py#L211

According to the context it's just for testing, but if this password is needed in production as well then it needs to be moved to a plugin setting (and of course changed).

maxfischer2781 commented 5 years ago

The password is publicly available (no harm adding it in the source) and only applies to the testing mode (may never be used in production). To quote from the Specification section mentioned in the source:

  • The submission of the parameter spPassword is specific to the use of the Saferpay test account. On live accounts this parameter must not be submitted.

This password is directly tied to the functionality of the test environment, and dictated by the specification. There is no situation where a user may have to change it, and most will not know what it does anyway.
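
One way to reconcile the two positions in this thread, as an added example (not code from indico_sixpay): the test-account password is read from a plugin setting, and `spPassword` is attached only when the request is for the test account. The setting key, the account-id placeholder, the parameter name `amount` and the function names are assumptions made for illustration.

```python
# Added illustration. Names and values are assumptions, not taken from
# indico_sixpay or from the Saferpay specification.
TEST_ACCOUNT_ID = "<saferpay-test-account-id>"  # placeholder
PASSWORD_SETTING = "test_account_password"      # hypothetical plugin setting key


class PasswordPolicyError(ValueError):
    """spPassword handling would violate the test-only rule."""


def with_test_password(params, account_id, settings):
    """Return a copy of params, adding spPassword only for the test account.

    params     -- request parameters built by the caller (dict)
    account_id -- account the request is sent for
    settings   -- mapping of plugin settings
    """
    if "spPassword" in params:
        # Callers never set it themselves; this function is the single gate.
        raise PasswordPolicyError("spPassword must not be set by the caller")
    out = dict(params)
    if account_id != TEST_ACCOUNT_ID:
        # Live account: the parameter is not submitted at all, even if a
        # test password happens to be configured.
        return out
    password = settings.get(PASSWORD_SETTING)
    if not password:
        raise PasswordPolicyError("test account selected but no test password configured")
    out["spPassword"] = password
    return out


def redact(params):
    """Copy of params that is safe to write to logs."""
    return {k: ("***" if k == "spPassword" else v) for k, v in params.items()}
```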