You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by "zhongdongyue (Jira)" <ji...@apache.org> on 2019/11/04 09:57:00 UTC

[jira] [Created] (SYNCOPE-1507) ACT_GE_BYTEARRAY表中包含密码明文等敏感信息

zhongdongyue created SYNCOPE-1507:
-------------------------------------

             Summary: ACT_GE_BYTEARRAY表中包含密码明文等敏感信息
                 Key: SYNCOPE-1507
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1507
             Project: Syncope
          Issue Type: Bug
    Affects Versions: 2.1.1
            Reporter: zhongdongyue
             Fix For: 2.1.1
         Attachments: image-2019-11-04-17-22-34-128.png, image-2019-11-04-17-54-31-621.png

创建用户后，ACT_GE_BYTEARRAY表中仍然存有包含密码明文等敏感信息的用户创建信息，缺乏安全性。
 # 查询出用户相关的序列化数据 !image-2019-11-04-17-22-34-128.png|width=590,height=150!
 # 2. 导出为16进制数据
 # 3. 将16进制转换为字符串(图中圈出的即为用户名及密码)
 # !image-2019-11-04-17-54-31-621.png|width=526,height=148!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)