Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66182

Outgoing Mail - Remove ability to click eye icon to view SMTP password

    XMLWordPrintable

Details

    • MOODLE_37_STABLE

    Description

      As a Moodle Partner this is a request from one of our customers regarding security concerns.

      Request: Information such as the outgoing mail SMTP password should be encrypted when stored and should not be able to be recover by simply clicking the eye button.

       

      Whilst administrators should be trusted users, it is a potential security concern having a password reveal-able by clicking an eye icon. Similar to how user passwords are not reveal-able in the front end of Moodle.

       

      Upon entering information into the SMTP password field, the password should be saved/encrypted and no longer reveal-able. If the password is wrong or needs to be changed, an administrator can simply re-enter a new password field to overwrite the old password, into this field. It is also worth considering whether any ability to reveal information by clicking an eye icon, could be removed.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              eddclementson Edd Clementson
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              8 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: