• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Was: SMTP server password not properly protected from view in configure

With the new very nice feature for SMTP authentication one thing has been overlooked.

Often configure is open for view in many new TWiki installations. Many will find out how to protect it by setting up additional protection in the .htaccess or httpd.conf files. But by default anyone can see configure but they cannot alter anything without knowing the special configure password that the admin defines the first time he runs configure.

The {SMTP}{Password} field is not in anyway protected from viewing.

This password is for many users the ISP password. So giving this way opens the smtp server for spam and it allows anyone to log in to the POP3 account at the ISP and read the private emails.

We need to make the {SMTP}{Password} a write only field. Noone should be able to read the password from configure.


No, I didn't overlook it. The doc reccomends making configure accessible only to selected users. It would be neat to provide the facility for hidden fields, but that isn't in configure yet. So I'm changing the headline here to that. I can accept it's a requirement, but it's not a release blocker so I'm reducing to normal.


The doc recommends...

We are luring our users into a trap. And the SMTP password is normally also your POP3 and web site password. It is serious to expose this.

A new admin installing TWiki for the first time will have his focus on many other things than setting up tight security on the configure script.

You should have taken care of this before adding the feature. I think you are taking people security a bit lightly just to press out 4.0.3.


At first I just saved it keeping normal

But then Peter said.

[20:49] <PeterThoeny> kenneth, security *is* important, i suggest to put it back to urgent

So here we begin the special sport called Bugs-Ping-Pong again.


Dammed. The type PASSWORD was actually already implemented.

And it works. I changed the SMTP password type to PASSWORD. And I tried to change is back and forth. I tried to clear it. I could not find anything wrong with that feature.

So I decided to check it into TWiki4.

The configure updates are not implemented in DEVELOP yet for some reason!

So I downgrade to normal so this is no longer a 4.0.3 release blocker.


Merged in Svens configure updates to configure (the part that handles the PASSWORD type) and fixed the TWiki.cfg issue also in DEVELOP. Ready for release.

Thanks Sven for making this so easy to fix. You must have a good crystal ball knowing that we would need that code later wink


Summary Support secret values in configure (display stars for passwords)
ReportedBy TWiki:Main.KennethLavrsen
Codebase ~twiki4, ~develop
SVN Range Wed, 24 May 2006 build 10305
AppliesTo Engine

Priority Urgent
CurrentState Closed

Checkins 10358 10361
TargetRelease patch
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r9 - 2006-06-08 - SteffenPoulsen
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback