Do not store password in localStorage #364
Labels
Comments
|
why? |
|
It is a bit dangerous to have some critical passwords unencrypted on the browser. |
|
Is it just for passwords or tokens as well? |
|
I wish it was the case at least for LDAP passwords. Maybe we should have different policies for each auth plugin? |
|
We could also store the auth token generated after a succesful LDAP authentication instead of the password in clear? Or would that be still too sensitive? |
|
We don't have such thing (auth token) with the current LDAP setup. It is using BasicAuth so the username/password are sent as a base64 encrypted Authorization header. If we move to auth0, we would be able to do that. |
|
This is really important. |
Natim
pushed a commit
that referenced
this issue
Feb 14, 2017
Natim
pushed a commit
that referenced
this issue
Feb 14, 2017
n1k0
added a commit
that referenced
this issue
Feb 16, 2017
New features * Fix #377, #378: Allow dropping edited resource properties. (#379) * Fix #365: Render a JSON diff for history entries. (#380) * Fix #376: Denote readonly buckets & collections in the sidebar. (#382) * Fix #384: Live-searchable/filterable sidebar entries. (#385) * Hide auth method selector when a single one is configured. Bugfixes * Do not store passwords. Fixes #364 (#386)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Maybe sessionStorage instead?
The text was updated successfully, but these errors were encountered: