SessionProvider MySQL credentials are shown in the admin GUI as plaintext #7147

Closed
vpr-ossteam opened this issue Jun 6, 2019 · 0 comments

Comments

@vpr-ossteam
commented Jun 6, 2019

  • Gitea version (or commit ref): 1.8.1
  • Git version: 2.7.4
  • Operating system: Ubuntu 16.04
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

Greetings!
I'm using Gitea 1.8.1 with MySQL 5.7, and if I use MySQL for session storage, I can see the credentials in the GUI as plaintext.

Steps to reproduce

  1. Select MySQL as the session storage in the config file:

     ```ini
     [session]
     PROVIDER        = mysql
     PROVIDER_CONFIG = someclient:somepassword@tcp(srv-mysql:3306)/someclient
     ```

  2. Reload Gitea
  3. Log in to Gitea with admin credentials
  4. Go to: Site Administration ⇒ Configuration ⇒ Session Configuration ⇒ Provider Config

Screenshots

20190525-152945

@zeripath changed the title "MySQL credentials are shown in the GUI as plaintext" to "SessionProvider MySQL credentials are shown in the GUI as plaintext" Jun 6, 2019

@zeripath changed the title "SessionProvider MySQL credentials are shown in the GUI as plaintext" to "SessionProvider MySQL credentials are shown in the admin GUI as plaintext" Jun 6, 2019

@lunny added the kind/security label Jun 8, 2019

@lunny added this to the 1.9.0 milestone Jun 8, 2019

@lunny closed this in #7300 Jun 26, 2019
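
A display-side mitigation for the exposure reported above, as an added Go example (not code from this issue, from Gitea, or from #7300): mask the password in the `PROVIDER_CONFIG` value before it is rendered. `RedactProviderConfig` is a hypothetical helper; it goes beyond the reported MySQL DSN to URL-style and key=value provider configs, whose formats are assumptions here.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const mask = "******"

// Assumed key=value provider configs, comma- or space-separated fields.
var kvPassword = regexp.MustCompile(`(?i)\b(password\s*=\s*)[^,\s]*`)

// RedactProviderConfig returns a display-safe copy of a PROVIDER_CONFIG value.
// Hypothetical helper for illustration, not Gitea's implementation.
func RedactProviderConfig(cfg string) string {
	if kvPassword.MatchString(cfg) {
		return kvPassword.ReplaceAllString(cfg, "${1}"+mask)
	}
	// Optional URL scheme, then user:password@... as in the reported MySQL DSN.
	prefix, rest := "", cfg
	if i := strings.Index(cfg, "://"); i >= 0 {
		prefix, rest = cfg[:i+3], cfg[i+3:]
	}
	// The password may contain '@' or '/', so the credentials end at the
	// last '@' before the last '/' (or before the end when there is no '/').
	end := strings.LastIndexByte(rest, '/')
	if end < 0 {
		end = len(rest)
	}
	at := strings.LastIndexByte(rest[:end], '@')
	if at < 0 {
		return cfg // no credentials, e.g. a file provider path
	}
	colon := strings.IndexByte(rest[:at], ':')
	if colon < 0 {
		return cfg // user name only, nothing to mask
	}
	// Mask from the first ':' so no part of the password survives.
	return prefix + rest[:colon+1] + mask + rest[at:]
}

func main() {
	// The value from the report; prints someclient:******@tcp(srv-mysql:3306)/someclient
	fmt.Println(RedactProviderConfig("someclient:somepassword@tcp(srv-mysql:3306)/someclient"))
}
```

Masking only at render time keeps the real value available to the session provider; the config file itself still holds the credential and needs restrictive file permissions.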
