Security improvements

[massiws]

Hi,

working on a new project with nuBuilder, I start to think some improvements to make nuBuilder (if possible!) better and more secure.
First, I think that storing the password in a plain-text field in database is not a good idea: they could be managed and stored with sha1 or md5 algorithm.
Also, in Setup > Email Settings the Password input field could be type="password".

I know, these information could be accessible only to admin, but security is never too much.

Am I thinking wrong?

Max

[admin]

Max,

Both are good ideas.

Implementing the first is something we are planning to do.

For the second..

I'll put this in the next change log and fix it in the download.

But you can run this now..

Code: Select all

UPDATE zzsys_object SET sob_text_password = '1' WHERE zzsys_object_id = 'SMTPAUTH100003';

Steven

[massiws]

Steven,

I wait quietly the first and thank you for the second.

Thanks for all your job!

[johan]

Steven,

Are there any plans to integrate LDAP in Nubuilder? Would be nice.

Johan

[admin]

Johan,

Not at this point, sorry.

Steven

[manlug]

Maybe it would be good, that was modular nuBuilder.
And the community will to make their own modules.
Surely some would eventually be incorporated into the official development.

[admin]

manlug,

Good suggestion.

Steven