Author Topic: Password security with QueueMetrics 1.4.4  (Read 5680 times)

rjch
Password security with QueueMetrics 1.4.4
« on: June 07, 2008, 16:58:42 »
Whilst creating a new account for someone recently, I was horrified to discover that whenever you edit a user account, their password is displayed in clear text on the screen with no obfuscation at all.

It's been some time since I last edited user accounts on our system, so it's possible that this isn't a new problem - though generally speaking it's the kind of thing I look for when entering passwords.

Could we please look at obscuring passwords when they are being entered?  Additionally, this raises the concern of how passwords are stored in the database - are they encrypted at all?  If not, this too is a significant security problem.

QueueMetrics
Re: Password security with QueueMetrics 1.4.4
« Reply #1 on: June 09, 2008, 11:02:20 »
At the moment, passwords are stored in clear text in the database.
We are at the moment working on a different security approach, namely an external auth source (be it LDAP, XML-RPC, etc.) that can be integrated with QM users, so that you have the username and password credentials stored elsewhere and you just have the class/key association in QM.

rjch
Re: Password security with QueueMetrics 1.4.4
« Reply #2 on: June 10, 2008, 10:26:50 »
Regardless of whether you're looking at implementing the option for external security or not, it's vital that passwords are obscured when entering them for local accounts.  It's the most basic tenet of security that passwords shouldn't be displayed in cleartext on the screen - after all, you obscure the password when someone enters it at the login screen - why not obscure it when an administrator is modifying an account?

QueueMetrics
Re: Password security with QueueMetrics 1.4.4
« Reply #3 on: June 11, 2008, 16:44:38 »
Well, the idea here was that an administrator could want to fetch a password from the DB - after all, not everybody should be able to access the database, and if you keep the DB world-readable, this is bad security in any case.

Anyway, as implementing the change is actually trivial, even in a backwards-compatible fashion, if a number of people are interested (or this is vital for you and you're willing to sponsor a small custom improvement) we can do it with no problems.
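Reply #1 says passwords are stored in clear text, and Reply #3 says moving away from that can be done in a backwards-compatible way. The block below is an added example of what such a change usually looks like; it is not QueueMetrics code and nothing here describes how QM actually stores users. The in-memory `users` dict standing in for the user table, the `pbkdf2$` storage format, the iteration count and all function names are assumptions made for the example. The idea: a stored value that does not carry the hash prefix is treated as a legacy cleartext row, it still verifies, and on the first successful login it is replaced in place by a salted PBKDF2 hash. An eager migration routine for doing the whole table at once is included as well.

```python
import base64
import hashlib
import hmac
import os

# Storage format assumed for this example (not a QueueMetrics format):
#   legacy row : "hunter2"                        (cleartext, pre-migration)
#   hashed row : "pbkdf2$<iterations>$<salt_b64>$<hash_b64>"
HASH_PREFIX = "pbkdf2$"
# Iteration count is deliberately modest so the example runs quickly;
# tune it upwards for a real deployment.
ITERATIONS = 100_000


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return the encoded PBKDF2-HMAC-SHA256 hash of password with a random 16-byte salt."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def is_hashed(stored):
    """True if the stored value is already in the hashed format, False for legacy cleartext."""
    return stored.startswith(HASH_PREFIX)


def verify_password(stored, candidate):
    """Check candidate against a stored value of either format, in constant time."""
    if not is_hashed(stored):
        # Legacy cleartext row: compare without leaking the position of the first mismatch.
        return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))
    try:
        _, iters, salt_b64, hash_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
    except ValueError:
        # Malformed record: fail closed rather than raising.
        return False
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def login(users, username, candidate):
    """Authenticate against the (assumed) users dict; upgrade a matching cleartext row to a hash.

    The lazy migration happens here because the cleartext password is only
    available to the application at the moment the user presents it.
    """
    stored = users.get(username)
    if stored is None:
        # Spend the same work as a real check so unknown usernames are not faster to reject.
        hash_password(candidate)
        return False
    if not verify_password(stored, candidate):
        return False
    if not is_hashed(stored):
        users[username] = hash_password(candidate)
    return True


def migrate_all(users):
    """Eager migration: hash every legacy cleartext row in place. Returns the number migrated."""
    migrated = 0
    for username, stored in list(users.items()):
        if not is_hashed(stored):
            users[username] = hash_password(stored)
            migrated += 1
    return migrated


if __name__ == "__main__":
    # Constructed sample table, not real data.
    table = {"alice": "hunter2", "bob": hash_password("correct horse")}
    print("alice (legacy) logs in:", login(table, "alice", "hunter2"))
    print("alice row now hashed:", is_hashed(table["alice"]))
    print("remaining legacy rows migrated:", migrate_all({"carol": "pw"}))
```

Once every row has been migrated the cleartext branch of `verify_password` can be deleted. Note that the edit form raised in the first post is a separate fix: once the database holds hashes, the form has nothing to display, and a password change becomes a "set new password" field rather than an edit of the existing value.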