Item1181: LdapContrib's BindPassword saved as cleartext
Priority: Enhancement
Current State: No Action Required
Released In: n/a
Target Release: n/a
In file LocalSite.cfg, the setting $Foswiki::cfg{Ldap}{BindPassword} is in clear.
Would it not be better if it were encrypted? Maybe I'm wrong and it's impossible to do.
In my configuration I'm not using TLS.
Though it would be preferable, note that it would not provide true security from those with server access, since Foswiki needs to be able to decrypt it when sending the password to the LDAP server. Anyone with access to LocalSite.cfg will presumably also have access to the Foswiki software and the decryption key.
(It would help prevent admin users from glimpsing the password when viewing LocalSite.cfg, and possibly add an extra layer of security for web-based access via bin/configure. However, assuming the decryption key itself were configurable, then the natural place to store that too would be in LocalSite.cfg, and so the key would be visible in bin/configure.)
--
IsaacLin - 02 Mar 2009
The BindPassword has to be in clear text as that's the way the LDAP API is expecting it. So please make sure that your LocalSite.cfg file is secure, i.e. only readable by the user running Foswiki.
--
MichaelDaum - 09 Nov 2010
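The advice in the two replies above amounts to an operational check: the bind password must sit in LocalSite.cfg in clear, so what matters is whether that file is owned by, and readable only by, the account running Foswiki. The script below is an added example, not code from the Foswiki project or from anyone in this thread; it audits a LocalSite.cfg for exactly those two properties without ever printing the password value. The sample config fragment, the placeholder password, the temporary file paths and the use of the current account in place of the web-server user are all constructed assumptions for a stand-alone run.

```shell
#!/bin/sh
# Added example (not Foswiki project code): audit a LocalSite.cfg for
#   1. whether an LDAP BindPassword is configured at all, and
#   2. whether the file is owned by, and readable only by, the Foswiki user.
# The password value is never echoed; only its presence is reported.

# Return 0 if the file defines a non-empty $Foswiki::cfg{Ldap}{BindPassword}.
# BRE is used so the braces are literal on both GNU and BSD grep.
bind_password_is_set() {
    grep -q "cfg{Ldap}{BindPassword} *= *'[^']" "$1"
}

# Return 0 if neither group nor "other" can read the file.
# Parses the ls -l mode string (e.g. -rw-------); position 5 is group read,
# position 8 is other read. This avoids stat(1), whose flags differ by platform.
config_perms_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    group_r=$(printf '%s' "$mode" | cut -c5)
    other_r=$(printf '%s' "$mode" | cut -c8)
    [ "$group_r" != "r" ] && [ "$other_r" != "r" ]
}

# Return 0 if the file is owned by the given account.
config_owner_is() {
    owner=$(ls -ld "$1" | awk '{print $3}')
    [ "$owner" = "$2" ]
}

# Print one line per finding and return 0 only when nothing needs fixing.
audit_ldap_config() {
    f=$1; user=$2; rc=0
    if bind_password_is_set "$f"; then
        echo "INFO  $f: LDAP BindPassword is stored in clear (as LdapContrib requires)"
        if ! config_perms_ok "$f"; then
            echo "FAIL  $f: readable by group or others; fix with: chmod 600 $f"; rc=1
        fi
        if ! config_owner_is "$f" "$user"; then
            echo "FAIL  $f: not owned by $user; fix with: chown $user $f"; rc=1
        fi
    else
        echo "INFO  $f: no LDAP BindPassword configured"
    fi
    return $rc
}

# --- constructed sample data so the script runs stand-alone ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_CFG_LOOSE=$SAMPLE_DIR/LocalSite.cfg.loose   # the common, wrong state
SAMPLE_CFG_TIGHT=$SAMPLE_DIR/LocalSite.cfg.tight   # what the thread recommends
cat > "$SAMPLE_CFG_LOOSE" <<'EOF'
# constructed LocalSite.cfg fragment; the password below is a placeholder
$Foswiki::cfg{Ldap}{BindDN} = 'cn=foswiki,ou=service,dc=example,dc=org';
$Foswiki::cfg{Ldap}{BindPassword} = 'PLACEHOLDER_NOT_A_REAL_SECRET';
1;
EOF
cp "$SAMPLE_CFG_LOOSE" "$SAMPLE_CFG_TIGHT"
chmod 644 "$SAMPLE_CFG_LOOSE"
chmod 600 "$SAMPLE_CFG_TIGHT"

# Assumption: the current account stands in for the web-server user that runs Foswiki.
FOSWIKI_USER=$(id -un)
audit_ldap_config "$SAMPLE_CFG_LOOSE" "$FOSWIKI_USER" || true
audit_ldap_config "$SAMPLE_CFG_TIGHT" "$FOSWIKI_USER"
```

On a real installation, point audit_ldap_config at the actual LocalSite.cfg and pass the web-server account (for example www-data or apache) as the second argument; a non-zero exit makes it usable from a cron job or a configuration-management post-run check.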