Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66182

Outgoing Mail - Remove ability to click eye icon to view SMTP password

XMLWordPrintable

    • MOODLE_37_STABLE

      As a Moodle Partner this is a request from one of our customers regarding security concerns.

      Request: Information such as the outgoing mail SMTP password should be encrypted when stored and should not be able to be recover by simply clicking the eye button.

       

      Whilst administrators should be trusted users, it is a potential security concern having a password reveal-able by clicking an eye icon. Similar to how user passwords are not reveal-able in the front end of Moodle.

       

      Upon entering information into the SMTP password field, the password should be saved/encrypted and no longer reveal-able. If the password is wrong or needs to be changed, an administrator can simply re-enter a new password field to overwrite the old password, into this field. It is also worth considering whether any ability to reveal information by clicking an eye icon, could be removed.

            Unassigned Unassigned
            eddclementson Edd Clementson
            Votes:
            8 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.