516 – Password visible in Properties view

Bug 516 - Password visible in Properties view

Summary: Password visible in Properties view

Status:	VERIFIED FIXED

Alias:	None

Product:	Identity Designer
Classification:	Identity Manager
Component:	Modeler (show other bugs)
Version:	1.0.0 Designer
Hardware:	Other Other

Priority:	P2 - High Severity: Critical (vote)
Target Milestone:	1.0 M2
Assignee:	Will Peterson
QA Contact:	Tim Pew

URL:
Whiteboard:
Keywords:	Built, Provo

Depends on:
Blocks:

Clone This Bug

Reported:	2004-12-09 23:40 UTC by Tim Pew
Modified:	2011-06-03 14:51 UTC (History)
CC List:	0 users

See Also:
Found By:	Integration Test
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Pew 2004-12-09 23:40:23 UTC

DETAILED DESCRIPTION:  In the modeler, add an identity vault and edit the
properties. Add a host name, username, and password and click OK to save the
values. Select the Identity Vault in the modeler and look in the Properties View
and you can see the password value in clear text!

This brings up the question of how that password is stored in Designer. It might
be better to simply prompt for the password whenever it is needed rather than
store the password in Designer.

BUILD NUMBER: 0909 integration build 8
Oses/CONFIG: Win2KPro
STEPS TO REPRO: 
RESULTS:
EXPECTED: 
WORKAROUNDS: 
CUSTOMER IMPACT:

Comment 1 Tim Pew 2004-12-09 23:41:29 UTC

wpeterson (  12/8/2004 3:17:17 PM  Fixing - Fix Is Checked-In ) I added encode /
decode functionality to the identity vault password
 
bstreet (  12/3/2004 9:48:14 AM  Fixing - Approved for Investigation ) Will- 
The storage of a password obfuscated is yours to handle in the model right. 
tpew (  11/30/2004 2:03:17 PM  Fixing - Failed ) The password is hidden now, but
there's still the other part of the issue around storing an eDir password in a
project.
 
bstreet (  9/13/2004 5:42:06 PM  Fixing - Approved for Investigation ) We need
to always prompt for passwords when accessing a directory or prompt for a
password  when you login to designer.  We need to store the passwords encrypted
as well 
tpew (  9/13/2004 11:08:47 AM  Fixing - Failed ) Nothing has changed in the M1
build. Why was this assigned back to me?
 
tpew (  9/10/2004 10:46:04 AM  Fixing - Info/Resources Required ) Here's my
concern: If we store the username AND password in Designer, then anyone who gets
on the machine has access to the directory. It's very shaky security if the user
can automatically login without proving who they are. I'm not suggesting that we
force a re-enter of passwords everywhere, but they should have to enter it once
and then we can use that authenticated session until Designer is closed or the
session times out.
 
llowry (  9/8/2004 3:15:35 PM  Fixing - Approved for Investigation ) In the
future, the password will be encypted in the Project View.  It's too much burden
to force a re-entering of passwords everywhere.
 
bstreet (  9/8/2004 12:18:38 PM  Fixing - New ) We applied for an ECR for M1 and
told the export people that post-m1 we would be determining a way to encrypt
passwords.  This is post M1.

Comment 2 Tim Pew 2004-12-10 00:00:45 UTC

Transferred from Remedy DEFECT000382748.
Status when transferred: Fixing/Fix Is Checked-In

Comment 3 Bill Street 2004-12-10 00:14:30 UTC

This defect has been checked in.

Comment 4 Howard Vanfleet 2005-01-04 01:43:44 UTC

Included in Designer build 20050103

Comment 5 Howard Vanfleet 2005-01-05 00:22:32 UTC

Included in Designer build 20050104

Comment 6 Howard Vanfleet 2005-01-07 17:52:39 UTC

Included in Designer build 20050107

Comment 7 Howard Vanfleet 2005-01-11 21:01:53 UTC

Included in Designer build 20050111

Comment 8 Howard Vanfleet 2005-01-12 23:33:12 UTC

Included in build 20050112

Comment 9 Howard Vanfleet 2005-01-13 23:46:00 UTC

Included in build 20050113

Comment 10 Howard Vanfleet 2005-01-14 22:09:44 UTC

Included in Designer build 20050114

Comment 11 Howard Vanfleet 2005-01-19 23:45:05 UTC

Included in Designer build 20050119

Comment 12 Howard Vanfleet 2005-01-22 00:55:24 UTC

Included in designer build 20050121

Comment 13 Howard Vanfleet 2005-01-25 00:36:28 UTC

Included in Designer build 20050124

Comment 14 Howard Vanfleet 2005-01-25 22:03:11 UTC

Included in Designer build 20050125

Comment 15 Howard Vanfleet 2005-02-01 23:50:20 UTC

Included in the Designer build 20050201

Comment 16 Howard Vanfleet 2005-02-07 17:05:12 UTC

Included in Designer build 20050207

Comment 17 Bill Street 2005-09-16 21:31:49 UTC

Adding built keyword.

Comment 18 Bill Street 2007-04-30 16:37:06 UTC

Marking closed/resolved fixed bugs public view.

Comment 19 Bill Street 2007-04-30 16:39:35 UTC

Marking closed/resolved fixed bugs public view.