Defect #7003
LDAP password stored in clear text
Status: Closed
Priority: Normal
Assignee: -
Category: LDAP
Target version: -
Start date: 2010-11-30
Due date:
% Done: 0%
Estimated time:
Resolution:
Affected version:
Description
This is an issue as database administrators can easily read the password used to interrogate the LDAP.
This is undesirable.
The following code can be used to encode the passwords so they are not clear text.
    require 'base64'

    class AuthSourceLdap < AuthSource
      #
      # Encode the LDAP password so it is not clear text in the database
      #
      def account_password=(cleartext)
        if cleartext.nil? || cleartext.empty?
          return
        end
        self[:account_password] = Base64.encode64(cleartext)
      end

      def account_password
        if self[:account_password].nil? || self[:account_password].empty?
          return ""
        end
        Base64.decode64(self[:account_password])
      end
    end
Updated by Jean-Philippe Lang about 14 years ago
- Status changed from New to Closed
The proposed patch only encodes passwords. This is not much different from storing clear passwords.
Encryption support is not added, see #7411.
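The difference between encoding and encryption raised in the comment above, as an added example that is not part of the original issue and is not Redmine's code: Base64 is reversed with no secret at all, while an authenticated cipher needs a key that a database reader does not hold. The module name, the stored-value prefix, the choice of AES-256-GCM and the idea of keeping the key in application configuration outside the database are all assumptions made for illustration.

```ruby
require 'base64'
require 'openssl'

# Added illustration; LdapSecretDemo and PREFIX are hypothetical names.
module LdapSecretDemo
  # Constructed marker so encrypted values can be told apart from legacy ones.
  PREFIX = 'aes-256-gcm:'

  # What the proposed patch stores. Anyone who can read the column can
  # reverse it, because no secret is involved.
  def self.encode(cleartext)
    Base64.encode64(cleartext)
  end

  # Encrypt with a 32-byte key held outside the database (assumption).
  # Layout before Base64: 12-byte IV | 16-byte GCM tag | ciphertext.
  def self.encrypt(cleartext, key)
    raise ArgumentError, 'empty password' if cleartext.nil? || cleartext.empty?
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.encrypt
    cipher.key = key
    iv = cipher.random_iv            # fresh IV for every stored value
    cipher.auth_data = ''
    ct = cipher.update(cleartext) + cipher.final
    PREFIX + Base64.strict_encode64(iv + cipher.auth_tag + ct)
  end

  # Raises OpenSSL::Cipher::CipherError on a wrong key or a modified value.
  def self.decrypt(stored, key)
    raise ArgumentError, 'not an encrypted value' unless stored.start_with?(PREFIX)
    raw = Base64.strict_decode64(stored[PREFIX.length..-1])
    raise ArgumentError, 'value too short' if raw.bytesize <= 28
    iv, tag, ct = raw[0, 12], raw[12, 16], raw[28..-1]
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.decrypt
    cipher.key = key
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = ''
    (cipher.update(ct) + cipher.final).force_encoding('UTF-8')
  end
end
```

The database column then holds only the prefixed value; protecting the key (file permissions, secret store) becomes the remaining exposure.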