[MODPUBSUB-78] Insecure use of password for pub-sub user - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: P2
Resolution: Done
Affects Version/s: 2.0.3
Fix Version/s: 2.0.6, 2.1.0
Labels:
- Vega
- pub-sub
- security

Template:
customfield_11100 34613
Sprint:
EPAM-Veg Sprint 113
Story Points:
3
Development Team:
Vega
Release:
R1 2021 Bug Fix
Epic Link:
Batch Importer (Bib/Acq)

Description

The pub-sub user and password are checked into GitHub as seen here. Also at database level, the password is stored as clear text in mod-pubsub."users" table. Please consider a more secure way to handle this.

Steps

Contact to Vladimir S. and discuss a possible workaround
Ask the community for security storage
mod-config or okapi env params as a workaround
fix bug

Additional Information

Documentation of the current permission implementation: https://github.com/folio-org/mod-pubsub/blob/v2.0.3/README.md#permissions

Attachments

Issue Links

blocks

FOLIO-3134 Reconfigure container deployment for mod-pubsub in folio-ansible

Closed

defines

MODPUBSUB-18 Security Manager

Closed

UXPROD-2851 NFR: Data Import (Batch Importer for Bib Acq) & PubSub R2 2021 Juniper Technical, NFR, & Misc bug work

Closed

relates to

MODPUBSUB-165 Release v2.0.6

Closed

mentioned in: Page Loading...; Page Loading...

(1 mentioned in)

Activity

People

Assignee:: Alexander Kurash

Reporter:: Hongwei Ji

Votes:: 1 Vote for this issue

Watchers:: 18 Start watching this issue

Dates

Created:: 09/Apr/20 10:14 PM

Updated:: 02/Jun/21 12:27 PM

Resolved:: 28/Apr/21 4:42 PM