Uploaded image for project: 'mod-pubsub'
  1. mod-pubsub
  2. MODPUBSUB-78

Insecure use of password for pub-sub user

    XMLWordPrintable

Details

    • EPAM-Veg Sprint 113
    • 3
    • Vega
    • R1 2021 Bug Fix

    Description

      The pub-sub user and password are checked into GitHub as seen here. Also at database level, the password is stored as clear text in mod-pubsub."users" table. Please consider a more secure way to handle this.

      Steps

      • Contact to Vladimir S. and discuss a possible workaround
      • Ask the community for security storage
      • mod-config or okapi env params as a workaround
      • fix bug

      Additional Information

      Documentation of the current permission implementation: https://github.com/folio-org/mod-pubsub/blob/v2.0.3/README.md#permissions

      TestRail: Results

        Attachments

          Issue Links

            Activity

              People

                oleksandrkurash Alexander Kurash
                hji Hongwei Ji
                Votes:
                1 Vote for this issue
                Watchers:
                17 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases