[stork-users] Hiding passwords in config files

Buclin, Bertrand Bertrand.Buclin at intl.att.com
Wed Jun 9 13:32:21 UTC 2021


Hi,

Providing the live configuration of a service in Stork is a great feature. Rather than "raw" actually, a more descriptive word would be "live", in my opinion, but that's a detail.

The more serious issue is that the password fields such as the database password for the config-database, the lease-database, the hosts-database, or the RADIUS secrets,  should not display the passwords in clear, unless the user is a super-admin. And better, even if the user is a super-admin, the password should not be display by default in clear. You could put a small button next to the password, which allows to display the password when clicked.

Thanks.

Bertrand Buclin
Director, Access Technology Management
Global Connectivity Management

AT&T Global Network Services (Switzerland) GmbH
m +41 79 333 00 20  |  bbuclin at att.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/stork-users/attachments/20210609/755dd2eb/attachment.htm>


More information about the Stork-users mailing list