Defect #7003

closed

LDAP password stored in clear text

Added by Steve Takach over 14 years ago. Updated about 14 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: LDAP
Target version: -
Start date: 2010-11-30
Due date:
% Done: 0%
Estimated time:
Resolution:
Affected version:

Description

This is an issue as database administrators can easily read the password used to interrogate the LDAP.
This is undesirable.

The following code can be used to encode the passwords so they are not clear text.

require 'base64'

class AuthSourceLdap < AuthSource
    #
    # Encode the LDAP password so it is not clear text in the database
    #
    def account_password=(cleartext)
        if cleartext.nil? || cleartext.empty?
            return
        end
        self[:account_password] = Base64.encode64(cleartext)
    end

    def account_password
        if self[:account_password].nil? || self[:account_password].empty?
            return ""
        end

        Base64.decode64(self[:account_password])
    end
end
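
Added example, not part of the original report and not Redmine's own code: Base64, as used in the snippet above, has no key, so anyone who can read the column can decode it. The sketch contrasts it with AES-256-GCM under a key kept outside the database. The helper names, the sample password and the key source are assumptions made for illustration.

```ruby
require 'base64'
require 'openssl'

# Base64 has no key: whoever can read the column can reverse it.
def base64_store(cleartext)
  Base64.strict_encode64(cleartext)
end

def base64_recover(stored)
  Base64.decode64(stored)
end

# AES-256-GCM under a 32-byte key that lives outside the database
# (assumption: loaded from application configuration, not from a table).
# Column value: Base64(iv[12] || tag[16] || ciphertext).
def encrypt_for_column(cleartext, key)
  raise ArgumentError, 'empty password' if cleartext.nil? || cleartext.empty?
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv
  ciphertext = cipher.update(cleartext) + cipher.final
  Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
end

# Raises OpenSSL::Cipher::CipherError on a wrong key or a modified value.
def decrypt_from_column(stored, key)
  raw = Base64.strict_decode64(stored)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.decrypt
  cipher.key = key
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  (cipher.update(raw[28..-1]) + cipher.final).force_encoding(Encoding::UTF_8)
end

if __FILE__ == $PROGRAM_NAME
  password = 'ldap-bind-Passw0rd'          # constructed sample value
  key = OpenSSL::Random.random_bytes(32)   # stand-in for a configured key
  puts "base64 column:    #{base64_store(password)}"
  puts "read without key: #{base64_recover(base64_store(password))}"
  sealed = encrypt_for_column(password, key)
  puts "AES-GCM column:   #{sealed}"
  puts "read with key:    #{decrypt_from_column(sealed, key)}"
end
```

The encrypted form only helps if the key is stored where database administrators cannot read it; a key kept in the same database gives the same exposure as clear text.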
