Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Mask password fields of inputs returned by the REST API. #5432
Motivation and Context
Before this change, input details returned by the REST API would contain
For users which are not allowed to edit an input, this change now iterates over configuration fields checking for the presence of password fields and replace their content with
For users which possess the required permission to edit an input, the original value is returned as it is used to set the value of the password field and would be used for updating the input if left unchanged.
This is a middle ground between a quick fix improving the situation (not everybody who is able to view inputs can also see passwords) and a proper fix that would require more work and attention to consistency, which will happen in a future version.
Refs #5408 and partially fixes it.
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
2 times, most recently
Dec 21, 2018
kmerz left a comment
This code does not deal with the problem when the password is displayed in the GUI for edit.