Page 1 of 1

Encrypt credentials in settings.xml

Posted: Wed Nov 03, 2021 1:11 pm
by axnav
Dear developer,

please could you take into consideration to encrypt the credentials stored in settings.xml files?

<LDAP_BindDN>CN=xxx,CN=Users,CN=external,DC=xxx,DC=at</LDAP_BindDN>
<LDAP_BindPass>plain text password here</LDAP_BindPass>
<LDAP_BaseDN>CN=Users,CN=external,DC=navax,DC=at</LDAP_BaseDN>

To store such sensitive informations in plain text is not state of the art.

Kindly regards,
axnav // Michael

Re: Encrypt credentials in settings.xml

Posted: Wed Nov 03, 2021 2:27 pm
by FTP
OK, I suggest you create a temporary user for LDAP binding only, so its password won't be sensitive, like:

Code: Select all

User: CN=wingftpbind,CN=Users,CN=external,DC=xxx,DC=at
Pass: xxxxxx