[
https://issues.apache.org/jira/browse/USERGRID-672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14554604#comment-14554604
]
ASF GitHub Bot commented on USERGRID-672:
-----------------------------------------
GitHub user r3b opened a pull request:
https://github.com/apache/incubator-usergrid/pull/253
[USERGRID-672] Remove password properties from user objects in portal
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/apache/incubator-usergrid USERGRID-672
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-usergrid/pull/253.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #253
----
commit 71754deb58eb91e260e0d73feb0efafd94f3d79f
Author: ryan bridges <ry...@apache.org>
Date: 2015-05-21T16:17:01Z
[USERGRID-672] Remove password properties from user objects in portal
----
> Portal stores the password of an app user after it is created in clear-text
> ---------------------------------------------------------------------------
>
> Key: USERGRID-672
> URL: https://issues.apache.org/jira/browse/USERGRID-672
> Project: Usergrid
> Issue Type: Bug
> Reporter: Jeffrey
> Assignee: ryan bridges
>
> After creating an app user their password is stored in clear-text in the
> portal. It should not be persisted in the session or displayed in the portal
> in clear-text
> IMPORTANT NOTE: the current version of the Portal that we use (at Apigee) is
> setup to enable the new Usergrid Central SSO, so if it is to be deployed
> before Central SSO is enabled in prod, then you will have to disable central
> SSO in the portal before deploying it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
