Document security implications of shield and basic auth

Created on 18 May 2022, over 2 years ago
Updated 14 June 2024, 5 months ago

When you export the config, the user and password are exported. People commit their config, so you can end up with this information in your git and then on GitHub. Not only can you then bypass the shield, but people may use a similar password for their admin account.

This is not a theoretical issue. A quick search on GitHub would prove it.

This module should follow a strict secure by design approach in my opinion.

Feature request

Status: Active
Version: 2.0
Component: Documentation
Created by: 🇨🇭Switzerland gagarine
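
A check for the leak described in this issue, written as an added example (it is not part of the original post and is not the Shield project's code). It flags exported Shield settings that still carry a non-empty user or password, so it can run before a commit or in CI. The file name `shield.settings.yml` and the key names `user` and `pass` are assumptions about the export format, and the sample export is constructed.

```python
import re
import sys
from pathlib import Path

# Assumption: the export is named shield.settings.yml and stores the basic-auth
# pair under keys called "user" and "pass"; adjust to match your own export.
CONFIG_NAME = "shield.settings.yml"
CRED_LINE = re.compile(r"^\s*(user|pass):\s*(.*?)\s*$")

# Constructed sample export (not taken from any real site).
SAMPLE_EXPORT = """\
credentials:
  shield:
    user: admin
    pass: 'constructed-example'
allow_cli: true
"""


def find_shield_credentials(yaml_text):
    """Return [(line_number, key)] for non-empty user/pass; never the value."""
    findings = []
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        match = CRED_LINE.match(line)
        if not match:
            continue
        # Drop a trailing comment and quotes; '' / null / ~ count as empty.
        value = match.group(2).split(" #", 1)[0].strip().strip("'\"")
        if value and value not in ("null", "~"):
            findings.append((number, match.group(1)))
    return findings


def scan_sync_dir(sync_dir):
    """Map each Shield settings file under sync_dir to its findings."""
    report = {}
    for path in sorted(Path(sync_dir).rglob(CONFIG_NAME)):
        hits = find_shield_credentials(path.read_text(encoding="utf-8"))
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    report = scan_sync_dir(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in report.items():
        print(f"{path}: non-empty Shield keys at {hits}")
    sys.exit(1 if report else 0)
```

The script exits non-zero when it finds a populated credential, and it reports only the line number and key name, never the value.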
