password_plaintext considered harmful #1

Open
annabunches opened this issue Apr 26, 2020 · 3 comments
Labels
bug Something isn't working

Comments


annabunches commented Apr 26, 2020

The members table has this field. It probably shouldn't. My recommendations:

  1. make sure it isn't used anywhere
  2. drop the field from the table
  3. update the schema
  4. profit
annabunches added the bug (Something isn't working) label Apr 26, 2020

annabunches commented Apr 27, 2020

Findings so far (a bit rambly, more succinct updates when I know more):

annabunches commented

Additional findings:

  • Despite previous suppositions about Member::save, empirical testing so far has not revealed any way to set password_plaintext - injecting the appropriate form parameter on the /members/add route does not result in the value being set in the database.
  • Still need to try with the API, however.

annabunches commented

Update on this: shortly after the last comment in here we determined that the field is not in use by anything, and also that it is not populated, so this became a much lower-priority issue.
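
The check the thread converges on (steps 1 and 2 of the first comment, plus the later "not in use, not populated" finding), as an added example that is not part of the issue thread or the project's code: it refuses to drop the column while any row is populated or any source file still mentions it. Only the `members` table and `password_plaintext` column names come from the issue; SQLite, the other columns, the sample rows and the function names are assumptions.

```python
import os
import sqlite3

TABLE = "members"               # table named in the issue
COLUMN = "password_plaintext"   # column named in the issue

def populated_rows(conn):
    """Count rows where the column holds anything other than NULL or ''."""
    cols = [r[1] for r in conn.execute(f"PRAGMA table_info({TABLE})")]
    if COLUMN not in cols:
        return None  # column is already gone
    sql = f"SELECT COUNT(*) FROM {TABLE} WHERE {COLUMN} IS NOT NULL AND {COLUMN} <> ''"
    return conn.execute(sql).fetchone()[0]

def code_references(root, needle=COLUMN):
    """Return (relative_path, line_no) for every source line mentioning the column."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    if needle in line:
                        hits.append((os.path.relpath(path, root), no))
    return sorted(hits)

def drop_if_unused(conn, root):
    """Drop the column only when no row is populated and no code mentions it."""
    rows, refs = populated_rows(conn), code_references(root)
    if rows is None:
        return "already dropped"
    if rows or refs:
        return f"blocked: {rows} populated row(s), {len(refs)} code reference(s)"
    conn.execute(f"ALTER TABLE {TABLE} DROP COLUMN {COLUMN}")  # needs SQLite >= 3.35
    return "dropped"

def demo_db():
    """Constructed sample database; schema and rows are assumptions for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (id INTEGER PRIMARY KEY, email TEXT,"
                 f" password_hash TEXT, {COLUMN} TEXT)")
    conn.executemany(
        f"INSERT INTO {TABLE} (email, password_hash, {COLUMN}) VALUES (?, ?, ?)",
        [("a@example.test", "hash-1", None), ("b@example.test", "hash-2", "")])
    return conn
```

A "blocked" result with populated rows also means those values have been sitting in the database and in any backups taken in the meantime, so dropping the column is not the whole cleanup.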
