Ticket #3613 (closed Bugs: wontfix)

Opened 3 years ago

Last modified 3 years ago

Password field in CallerID Lookup Sources should not be readable

Reported by: tshif
Assigned to:
Priority: minor
Milestone: 2.6
Component: CallerID Lookup
Version: 2.5-branch
Keywords: password
Cc:
Confirmation: Unreviewed
SVN Revision (if applicable):
Backend Engine: All
Backend Engine Version:

Description

When configuring an http source in CallerID Lookup, the password field is a text box, and therefore readable. This is not the typical expectation for a password field, and represents a potential problem in reduced user security when FreePBX is not deployed in the ACL mode.

The field should be changed to a "password" style text box, which will then obfuscate the passwords.

Change History

04/03/09 18:24:43 changed by xrobau

  • status changed from new to closed.
  • resolution set to wontfix.

This has been discussed a few times. Putting the password in a 'password' style box does not secure anything, at all. You can view the password just as easily by viewing the source of the webpage.

No passwords in FreePBX are set in a 'password' box, as having the password visible aids in debugging auth issues.

If you do not want people to see the password, you should not give them access to the CID Lookups page, using the Administrators option.
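The point made in the closing comment above, as an added example that is not part of the ticket or of FreePBX code: a Python audit that scans a rendered form for inputs whose stored secret is echoed into the `value` attribute, and reports it the same way whether the field is a text box or a 'password' box. The markup, the field names (`cid_host`, `cid_password`) and the name heuristic are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic for secret-looking field names; not a FreePBX list.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token", re.I)


class EchoedSecretFinder(HTMLParser):
    """Collect <input> elements that send a stored secret back to the browser."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        input_type = a.get("type", "text").lower()
        name = a.get("name", "")
        looks_secret = input_type == "password" or bool(SECRET_NAME.search(name))
        # A non-empty value attribute is in the page source whatever the type is.
        if looks_secret and a.get("value", ""):
            self.findings.append({
                "name": name,
                "type": input_type,
                "masked_on_screen": input_type == "password",
                # The secret itself is deliberately not copied into the report.
            })


def audit(html):
    """Return one finding per secret-looking input with a pre-filled value."""
    finder = EchoedSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample pages: text box, 'password' box, and a field left empty.
SAMPLE_TEXT = ('<form><input type="text" name="cid_host" value="lookup.example.com">'
               '<input type="text" name="cid_password" value="constructed-secret"></form>')
SAMPLE_MASKED = SAMPLE_TEXT.replace('type="text" name="cid_password"',
                                    'type="password" name="cid_password"')
SAMPLE_EMPTY = '<form><input type="password" name="cid_password" value=""></form>'

if __name__ == "__main__":
    for label, page in (("text", SAMPLE_TEXT), ("password", SAMPLE_MASKED), ("empty", SAMPLE_EMPTY)):
        print(label, audit(page))
```

Only the page that never sends the stored value back comes out clean, which is why restricting who can open the page is the control that matters here.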