Uploaded image for project: 'mod-pubsub'
  1. mod-pubsub
  2. MODPUBSUB-78

SPIKE: Insecure use of password for pub-sub user

    XMLWordPrintable

    Details

    • Template:
    • Development Team:
      Folijet
    • Epic Link:

      Description

      The pub-sub user and password are checked into GitHub as seen here. Also at database level, the password is stored as clear text in mod-pubsub."users" table. Please consider a more secure way to handle this.

      Steps

      • Contact to Vladimir S. and discuss a possible workaround
      • Ask the community for security storage
      • mod-config or okapi env params as a workaround
      • fix bug

      Additional Information

      Documentation of the current permission implementation: https://github.com/folio-org/mod-pubsub/blob/v2.0.3/README.md#permissions

        Attachments

          Issue Links

          defines

          Umbrella - MODPUBSUB-18 Security Manager

          • P3 - low priority level, item will be considered for inclusion in the next dev cycle
          • Open

          New Feature - New feature requests UXPROD-2851 NFR: Data Import (Batch Importer for Bib Acq) & PubSub R2 2021 Juniper Technical, NFR, & Misc bug work

          • P2 - normal priority level, must be included in the current development cycle
          • Open

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              hji Hongwei Ji
              Votes:
              1 Vote for this issue
              Watchers:
              14 Start watching this issue

                Dates

                Created:
                Updated: