Incubator-superset: Password to databases should be hidden by default

Created on 15 Apr 2016 · 3 Comments · Source: apache/incubator-superset

If you go to http://localhost:8088/databaseview/show/2 (where 2 is the id of your database), you will see the password in plain sight:

[Screenshot: screen shot 2016-04-15 at 10 18 24]

I don't think it's very secure, since HTTPS is not enforced by default either :disappointed:

#bug

All 3 comments

Oh wow. Thanks for reporting that. The password is encrypted in the database, but shouldn't be in plain sight here. I'll pull it out of that view right now.

Merged, 0.8.8 is out and addressing the issue. I'm communicating to the community now via the Google group and Gitter channel. Again, thanks for pointing this out.
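
The fix pattern discussed in this thread (keeping a stored credential out of a detail view), as an added example that is not Superset's code or the actual 0.8.8 change. The column names, the `connection_uri` field and the sample record are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical field names; the page does not list the model's columns.
SHOW_COLUMNS = ("id", "database_name", "connection_uri")  # explicit allow-list
SENSITIVE = {"password"}  # never rendered, even if added to SHOW_COLUMNS
MASK = "XXXXXXXXXX"


def mask_uri_password(uri: str) -> str:
    """Replace the password in scheme://user:password@host/... with a mask."""
    parts = urlsplit(uri)
    if parts.password is None:
        return uri
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    return urlunsplit(parts._replace(netloc=f"{user}:{MASK}@{hostport}"))


def show_view_fields(record: dict) -> dict:
    """Build what the detail page renders: allow-listed columns only."""
    out = {}
    for col in SHOW_COLUMNS:
        if col in SENSITIVE or col not in record:
            continue
        value = record[col]
        if col == "connection_uri":
            value = mask_uri_password(value)
        out[col] = value
    return out


def leaks_secret(rendered: dict, secret: str) -> bool:
    """Regression check: does the secret appear in any rendered value?"""
    return any(secret in str(v) for v in rendered.values())


# Constructed sample record, not taken from the page.
SAMPLE = {
    "id": 2,
    "database_name": "main",
    "connection_uri": "postgresql://report:s3cr3t-example@db.internal:5432/main",
    "password": "s3cr3t-example",
}

if __name__ == "__main__":
    rendered = show_view_fields(SAMPLE)
    print(rendered)
    print("leak:", leaks_secret(rendered, SAMPLE["password"]))
```

An allow-list means a newly added column stays hidden until someone decides it is safe to show, and `leaks_secret` can be run in a unit test against every view that renders the record.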
