[stork-users] Hiding passwords in config files
Buclin, Bertrand
Bertrand.Buclin at intl.att.com
Wed Jun 9 13:32:21 UTC 2021
Hi,
Providing the live configuration of a service in Stork is a great feature. Rather than "raw" actually, a more descriptive word would be "live", in my opinion, but that's a detail.
The more serious issue is that the password fields such as the database password for the config-database, the lease-database, the hosts-database, or the RADIUS secrets, should not display the passwords in clear, unless the user is a super-admin. And better, even if the user is a super-admin, the password should not be display by default in clear. You could put a small button next to the password, which allows to display the password when clicked.
Thanks.
Bertrand Buclin
Director, Access Technology Management
Global Connectivity Management
AT&T Global Network Services (Switzerland) GmbH
m +41 79 333 00 20 | bbuclin at att.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/stork-users/attachments/20210609/755dd2eb/attachment.htm>
More information about the Stork-users
mailing list