Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66182

Outgoing Mail - Remove ability to click eye icon to view SMTP password

    XMLWordPrintable

    Details

    • Affected Branches:
      MOODLE_37_STABLE

      Description

      As a Moodle Partner this is a request from one of our customers regarding security concerns.

      Request: Information such as the outgoing mail SMTP password should be encrypted when stored and should not be able to be recover by simply clicking the eye button.

       

      Whilst administrators should be trusted users, it is a potential security concern having a password reveal-able by clicking an eye icon. Similar to how user passwords are not reveal-able in the front end of Moodle.

       

      Upon entering information into the SMTP password field, the password should be saved/encrypted and no longer reveal-able. If the password is wrong or needs to be changed, an administrator can simply re-enter a new password field to overwrite the old password, into this field. It is also worth considering whether any ability to reveal information by clicking an eye icon, could be removed.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                8 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated: