Incubator-superset: Password to databases should be hidden by default

Created on 15 Apr 2016  路  3Comments  路  Source: apache/incubator-superset

If you go to http://localhost:8088/databaseview/show/2 (where 2 is the id of your database), you will see password in plain sight:

screen shot 2016-04-15 at 10 18 24

I don't think it's very secured, since https is not enforced by default either :disappointed:

#bug
Source
picture lenguyenthedat

Most helpful comment

Merged, 0.8.8 is out and addressing the issue. I'm communicating to the community now via the Google group and Gitter channel. Again, thanks for pointing this out.

picture mistercrunch on 15 Apr 2016
👍2 😄1

All 3 comments

Oh wow. Thanks for reporting that. The password is encrypted in the database, but shouldn't be in plain sight here. I'll pull it out of that view right now.

mistercrunch picture mistercrunch on 15 Apr 2016

https://github.com/airbnb/caravel/pull/355

mistercrunch picture mistercrunch on 15 Apr 2016

Merged, 0.8.8 is out and addressing the issue. I'm communicating to the community now via the Google group and Gitter channel. Again, thanks for pointing this out.

mistercrunch picture mistercrunch on 15 Apr 2016
👍2 😄1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

XiaodiKong picture XiaodiKong  路  3Comments
john-bodley picture john-bodley  路  3Comments
shyam2794 picture shyam2794  路  3Comments
amien90 picture amien90  路  3Comments
thoralf-gutierrez picture thoralf-gutierrez  路  3Comments