plain text password in the database #3421
Comments
Steps to replicate
PR in to fix.

Hi, the 5c5b99f commit makes etherpad not usable (at least with the Docker version):
Using etherpad/etherpad (1.8.4) with PostgreSQL DB. From Docker. But I tried modifying the password directly in settings.json => same issue (first login OK, second > PASSWORD_HIDDEN) so I'm not sure it is 100% Docker related. Edit: I confirm that when I remove the code added by @JohnMcLear on file src/node/db/SessionStore.js from lines 40 to 45 the password is now kept between sessions.

Weird. I'm not sure how it doesn't affect non-Docker deployed versions tho?

I can't even get the password prompt. I changed the password and I'm not re-prompted. What are you doing to get the re-prompt? I went through every step and maybe it's related to just setting the password through the password environment variable? If you set the password with settings.json are things okay? I'm not suggesting you should, I'm just trying to isolate the cause / scope of impact.

The bug reported by @alasser is confirmed and it's not related to Docker. Let's move the discussion on #4016.

…ing in db" This reverts commit 53f1260, which broke user authentication. Fixes issue ether#4016. Reopens issue ether#3421.

This issue should be reopened (the fix that closed this issue was reverted).

…ing in db" This reverts commit 53f1260, which broke user authentication. Fixes issue ether#4016. Reopens issue ether#3421. (cherry picked from commit 901a3f3)

@rhansen can you think of a way to solve this issue? It's one of the most critical for 1.9

@JohnMcLear Wasn't this fixed by #4178?

Oh, this is different. Hmm... I think we can store a shallow copy of the
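
The shallow-copy idea in the comment above, set against the regression reported earlier in the thread (first login OK, then the password reads PASSWORD_HIDDEN), as an added example that is not Etherpad's code. It assumes the session holds a reference to the live settings user object; `settings`, `db`, `login`, `persistRaw`, `persistInPlace`, `persistCopy` and `demo` are hypothetical names, and the password is a constructed value.

```javascript
// Added example, not Etherpad's code. All names are hypothetical.
// Constructed settings, standing in for the users block of settings.json.
const settings = {users: {admin: {password: 'constructed-secret', is_admin: true}}};
const db = new Map(); // in-memory stand-in for the session database

// Assumption: authentication attaches the live settings object to the session.
// Plain string comparison keeps the example short.
function login(username, password) {
  const user = settings.users[username];
  if (user == null || user.password !== password) return null;
  return {cookie: {}, user};
}

// No redaction: the password is written to the database as plain text.
function persistRaw(sid, sess) {
  db.set(sid, JSON.stringify(sess));
}

// Redaction in place: sess.user is the same object as settings.users[name],
// so this also overwrites the configured password for the running process.
function persistInPlace(sid, sess) {
  if (sess.user && sess.user.password) sess.user.password = 'PASSWORD_HIDDEN';
  db.set(sid, JSON.stringify(sess));
}

// Redaction on a shallow copy: only the record written to the database changes.
function persistCopy(sid, sess) {
  const record = {...sess};
  if (sess.user) {
    const {password, ...userWithoutPassword} = sess.user;
    record.user = userWithoutPassword;
  }
  db.set(sid, JSON.stringify(record));
}

// Returns [stored record contains the password, second login succeeds].
function demo(persist) {
  settings.users.admin.password = 'constructed-secret'; // reset between runs
  db.clear();
  persist('sid1', login('admin', 'constructed-secret'));
  const leaked = db.get('sid1').includes('constructed-secret');
  const secondLoginOk = login('admin', 'constructed-secret') !== null;
  return [leaked, secondLoginOk];
}

console.log('no redaction:', demo(persistRaw));
console.log('in place:    ', demo(persistInPlace));
console.log('shallow copy:', demo(persistCopy));
```
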
I can see my admin password in plain text in the database.
That must not happen!
v1.6.6