jonmbake/discourse-ldap-auth

LDAP Binding password field in plain text?

Closed this issue · 2 comments

Hi,

I noticed that in Discourse, under the settings, the LDAP bind password field is in plain text?
It would make a lot of sense to me if its field type were password and the password were masked from prying eyes.

Regards

I don't think Discourse has that as an option when specifying config values; the top comment here specifies the options: https://github.com/discourse/discourse/blob/master/config/site_settings.yml.

I agree it is a bit of a security risk to store a password as plaintext in the DB and not mask the input in the configs, but, unfortunately, I don't think there is an easy way to hash the password and mask the input.

Thanks! I guess we can close the issue then :)