You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by "zhongdongyue (Jira)" <ji...@apache.org> on 2019/11/04 09:57:00 UTC
[jira] [Created] (SYNCOPE-1507) ACT_GE_BYTEARRAY表中包含密码明文等敏感信息
zhongdongyue created SYNCOPE-1507:
-------------------------------------
Summary: ACT_GE_BYTEARRAY表中包含密码明文等敏感信息
Key: SYNCOPE-1507
URL: https://issues.apache.org/jira/browse/SYNCOPE-1507
Project: Syncope
Issue Type: Bug
Affects Versions: 2.1.1
Reporter: zhongdongyue
Fix For: 2.1.1
Attachments: image-2019-11-04-17-22-34-128.png, image-2019-11-04-17-54-31-621.png
创建用户后,ACT_GE_BYTEARRAY表中仍然存有包含密码明文等敏感信息的用户创建信息,缺乏安全性。
# 查询出用户相关的序列化数据 !image-2019-11-04-17-22-34-128.png|width=590,height=150!
# 2. 导出为16进制数据
# 3. 将16进制转换为字符串(图中圈出的即为用户名及密码)
# !image-2019-11-04-17-54-31-621.png|width=526,height=148!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)