Actions
Defect #116
closedsvn password in clear text
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
I have found the svn user password in clear text into the html sourco of the projects settings page
(projects/settings/1).
This password is also in clear text into the mysql database.
This is a very critical security bug. Is possible to manage this password in hashing mode (like the admin password)???
Thank you
Related issues
Updated by Jean-Philippe Lang about 17 years ago
This password is also in clear text into the mysql database.
What do you propose ? Encryption ?
Updated by Jean-Philippe Lang about 17 years ago
svn user password in clear text into the html source
Fixed in r942.
This password is also in clear text into the mysql database
This password can not be hashed in the database since Redmine
needs it in clear to run svn commands.
Actions