Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API information is being shown in plain text #792

Closed
pablotr9 opened this issue Jul 30, 2019 · 3 comments
Closed

API information is being shown in plain text #792

pablotr9 opened this issue Jul 30, 2019 · 3 comments
Assignees
@pablotr9
Labels
type/bug Bug issue
Milestone
31st week sprint

Comments

@pablotr9
Copy link
Contributor

Wazuh Splunk Rev
3.10 7.3.0 33

Description
When we navigate through the Wazuh App, the connection to the API is checked, this connection check is currently done using API details (user/pass/url/port) as plain text, this is wrong and we must hide this sensitive information.
image
image (1)
@pablotr9 pablotr9 added the type/bug Bug issue label Jul 30, 2019
@pablotr9 pablotr9 self-assigned this Jul 30, 2019
@pablotr9 pablotr9 added this to the 31th week sprint milestone Jul 30, 2019
@pablotr9
Copy link
Contributor Author

pablotr9 commented Jul 30, 2019
edited
Loading

Update
Working on this branch: https://github.com/wazuh/wazuh-splunk/tree/3.10-issue-792
The API connection is now being checked using its ID and all the requests are now done in the back-end. e666293
The password is now hidden to the user:
image
Problems encountered:
Some API requests are being performed multiple times in every transition, (e.g. cluster status, cluster and manager name) but one request should be enough.

@pablotr9
Copy link
Contributor Author

Update
When the user clicks on settings and all APIs are loaded, we can see the API data including the password which should be hidden to the user.
This also happens when clicking "Set as default Manager" button:
image
image

@pablotr9 pablotr9 mentioned this issue Jul 31, 2019
Closed
@pablotr9
Copy link
Contributor Author

Update
When checking the API connection, if there was any error (e.g. API stopped) the user was not notified of the problem and was being redirected to Settings tab.
Now an error toast have been added to let the user know that there is a problem with the API connection.

jesusgn90 pushed a commit that referenced this issue Jul 31, 2019
@pablotr9
Backport #792 for 3.9.4. Hide API password on requests (#796)
c68f688
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pablotr9 pablotr9

Labels
type/bug Bug issue
Projects
None yet
Milestone
31st week sprint
Development

No branches or pull requests
2 participants
@jesusgn90 @pablotr9