Encrypt credentials in settings.xml

Post here if you have some suggestions or you want to request a new feature.
Post Reply
axnav
Posts: 9
Joined: Thu May 19, 2016 10:11 am

Encrypt credentials in settings.xml

Post by axnav »

Dear developer,

please could you take into consideration to encrypt the credentials stored in settings.xml files?

<LDAP_BindDN>CN=xxx,CN=Users,CN=external,DC=xxx,DC=at</LDAP_BindDN>
<LDAP_BindPass>plain text password here</LDAP_BindPass>
<LDAP_BaseDN>CN=Users,CN=external,DC=navax,DC=at</LDAP_BaseDN>

To store such sensitive informations in plain text is not state of the art.

Kindly regards,
axnav // Michael
FTP
Site Admin
Posts: 1917
Joined: Tue Sep 29, 2009 6:09 am

Re: Encrypt credentials in settings.xml

Post by FTP »

OK, I suggest you create a temporary user for LDAP binding only, so its password won't be sensitive, like:

Code: Select all

User: CN=wingftpbind,CN=Users,CN=external,DC=xxx,DC=at
Pass: xxxxxx
Post Reply