Hide sensible data from the Device Management Configuration tab #2198

Closed
Coduz opened this issue Nov 21, 2018 · 0 comments · Fixed by #2200
@Coduz Coduz commented Nov 21, 2018

Describe the bug
Currently, passwords contained in the DeviceConfiguration, which are shown in the Device Management Configuration tab in the Device View, are set in the HTML body and are passed over the network.

This is a security issue, since we should avoid exposing that sensitive data if not strictly necessary.

To Reproduce
Steps to reproduce the behavior:

  1. Log in to the Kapua Web Console.
  2. Go to the Device View and select a connected Device.
  3. Switch on the Configuration tab.
  4. Search for a component configuration that has a password field and inspect the HTML.
  5. Reload the page with the net traffic logger and look at the information exchanged.

Expected behavior
No password should be found.

Screenshots
None

Version of Kapua
Up until 1.0.1

Type of deployment
All

Main component affected
Console - Device view

Additional context
None

@Coduz Coduz self-assigned this Nov 21, 2018
@Coduz Coduz added this to Backport in 1.0.2 via automation Nov 21, 2018
@Coduz Coduz added this to To Do in 1.1.0 via automation Nov 21, 2018
@Coduz Coduz closed this in #2200 Nov 23, 2018
1.1.0 automation moved this from To Do to Done Nov 23, 2018
@Coduz Coduz moved this from Backport to Done in 1.0.2 Nov 23, 2018
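
The behaviour this issue asks for, sketched as an added example (not Kapua code and not the fix merged in #2200): password-typed configuration values are masked on the server before the payload reaches the browser, a returned placeholder leaves the stored secret unchanged, and a check reports any password value found in the outgoing payload. The property layout, the `Password` type tag, the placeholder and all function names are assumptions made for illustration.

```python
import copy
import json

PLACEHOLDER = "********"  # constructed sentinel, not a Kapua constant

# Constructed sample: one component configuration with typed properties.
SAMPLE_CONFIG = {
    "componentId": "example.cloud.Service",
    "properties": [
        {"name": "broker.url", "type": "String", "value": "mqtts://broker.example:8883"},
        {"name": "broker.password", "type": "Password", "value": "s3cr3t-constructed"},
    ],
}


def redact_for_client(config):
    """Return a copy safe to serialise to the browser: password values masked."""
    safe = copy.deepcopy(config)
    for prop in safe["properties"]:
        if prop["type"] == "Password" and prop["value"]:
            prop["value"] = PLACEHOLDER
    return safe


def merge_client_update(stored, submitted):
    """Apply a client edit server-side; a placeholder keeps the stored secret."""
    current = {p["name"]: p for p in stored["properties"]}
    merged = copy.deepcopy(stored)
    merged["properties"] = []
    for prop in submitted["properties"]:
        new = dict(prop)
        old = current.get(prop["name"])
        # Trust the stored type, not the type echoed back by the client.
        if old and old["type"] == "Password" and new["value"] == PLACEHOLDER:
            new["value"] = old["value"]
        merged["properties"].append(new)
    return merged


def leaked_secrets(config, payload):
    """Regression check: password properties whose value appears in the payload."""
    return [p["name"] for p in config["properties"]
            if p["type"] == "Password" and p["value"] and p["value"] in payload]
```

Running `leaked_secrets` against the serialised response in an integration test turns the "No password should be found" expectation into an automated check.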