Opened 12 years ago
Closed 12 years ago
#2069 closed defect (fixed)
Maestro cannot create encrypted MG_USER_CREDENTIALS resource data
| Reported by: | jng | Owned by: | jng |
|---|---|---|---|
| Priority: | high | Milestone: | Maestro-4.0-maintenance |
| Component: | Maestro | Version: | |
| Severity: | blocker | Keywords: | |
| Cc: | External ID: |
Description
Maestro has been creating feature sources with plaintext credentials since the very beginning.
It turns out the secure alternative (with %MG_USERNAME% and %MG_PASSWORD% placeholders) currently is not possible because Maestro does not have the ability to encrypt the entered username/password into the MG_USER_CREDENTIALS resource data.
There is major security implications in not being able to do this as Anonymous users can access such feature source. Denying repository read access breaks rendering/stylization for this user and is not an acceptable workaround.
Note:
See TracTickets
for help on using tickets.
Fixed trunk (r6887) and 4.0.x (r6891)