
T#10428 Opush 3.0 stores plain password in database

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.1
    • Labels:
      None
    • Rank:
      6243
    • Sprint:
      Lyon Kanban

      Description

      Opush stores full credentials in Cassandra tables 'synced_collection' and 'monitored_collection'.

      It must only store username.

        Activity

        Stephane COLSON added a comment -

        OK with version 3.0.0-rc3 and synced_collection (for 3.0.0) and synced_collection_v2 (for 3.0.1). But I cannot see any password in monitored_collection.

         user                 | device                                                                                                                                                                      | collection_id | analysed_sync_collection
        ----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
         iphone@obm14.lyn.lng | {"databaseId":3,"devId":{"deviceId":"ApplDNRH7C5UDP0N"},"devType":"iPhone","hints":{"hint.multipleCalendars":"false","hint.loadAttendees":"true"},"protocolVersion":"V121"} |            19 |             {"changes":null,"collectionId":19,"collectionPath":"obm:\\\\iphone@obm14.lyn.lng\\contacts\\-1:users","commands":{},"dataType":"CONTACTS","deletesAsMoves":null,"options":{"bodyPreferences":[{"allOrNone":false,"truncationSize":32768,"type":"PlainText"}],"conflict":1,"deletesAsMoves":true,"filterType":"THREE_DAYS_BACK","mimeSupport":null,"mimeTruncation":null,"truncation":9},"status":"OK","syncKey":{"syncKey":"250ddb50-779e-49ae-955d-5a786e0edb93"},"windowSize":25}
        

        instead of

         credentials                                                                                                                    | device                                                                                                                                                                      | collection_id | analysed_sync_collection
        --------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
         {"password":"toto","user":{"displayName":"iphone","domain":"obm14.lyn.lng","email":"iphone@obm14.lyn.lng","login":"iphone"}} | {"databaseId":3,"devId":{"deviceId":"ApplDNRH7C5UDP0N"},"devType":"iPhone","hints":{"hint.multipleCalendars":"false","hint.loadAttendees":"true"},"protocolVersion":"V121"} |            19 |            {"changes":null,"collectionId":19,"collectionPath":"obm:\\\\iphone@obm14.lyn.lng\\contacts\\-1:users","commands":{},"dataType":"CONTACTS","deletesAsMoves":null,"options":{"bodyPreferences":[{"allOrNone":false,"truncationSize":32768,"type":"PlainText"}],"conflict":1,"deletesAsMoves":true,"filterType":"THREE_DAYS_BACK","mimeSupport":null,"mimeTruncation":null,"truncation":9},"status":"OK","syncKey":{"syncKey":"c46da2b2-e874-4dd8-9e86-ab9e33b3aa64"},"windowSize":25}
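
An added example, not part of the ticket or of Opush's code: a small Python audit that parses cqlsh table output shaped like the two listings above and reports every JSON cell carrying a password-like key, giving only its location and never the value. The sample rows are constructed and shortened, and the key names in SECRET_KEYS are assumptions.

```python
import json

SECRET_KEYS = {"password", "passwd", "pwd", "secret"}  # assumed key names

def parse_cqlsh(text):
    """Turn cqlsh's pipe-separated table output into a list of {column: cell}."""
    # Drop blank lines and the dashed rule printed under the header.
    lines = [l for l in text.splitlines() if set(l.strip()) - set("-+")]
    header = [c.strip() for c in lines[0].split("|")]
    rows = [[c.strip() for c in line.split(" | ")] for line in lines[1:]]
    # Footers such as "(1 rows)" do not match the column count and are skipped.
    return [dict(zip(header, r)) for r in rows if len(r) == len(header)]

def secret_paths(value, path=""):
    """Yield JSON paths whose key looks like a secret and holds a value."""
    if isinstance(value, dict):
        for key, child in value.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in SECRET_KEYS and child not in (None, ""):
                yield here
            yield from secret_paths(child, here)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from secret_paths(child, f"{path}[{i}]")

def audit(text):
    """Return (row number, column, JSON path) per finding; never the secret itself."""
    findings = []
    for n, row in enumerate(parse_cqlsh(text), 1):
        for column, cell in row.items():
            try:
                doc = json.loads(cell)
            except ValueError:                  # plain-text cell, e.g. a login
                continue
            findings += [(n, column, p) for p in secret_paths(doc)]
    return findings

# Constructed, shortened rows modelled on the two listings above.
AFTER_FIX = """
 user             | device               | collection_id | analysed_sync_collection
------------------+----------------------+---------------+-----------------------------------
 user@example.org | {"devType":"iPhone"} |            19 | {"collectionId":19,"status":"OK"}
"""
BEFORE_FIX = """
 credentials                                            | device               | collection_id
--------------------------------------------------------+----------------------+---------------
 {"password":"example-only","user":{"login":"someone"}} | {"devType":"iPhone"} |            19
"""

print(audit(BEFORE_FIX), audit(AFTER_FIX))
```

Running the same audit over exports of every table in the keyspace, not only the two named in the description, shows whether credentials are persisted anywhere else.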
        
        Matthieu EXT_BAECHLER added a comment -

        This code is triggered for almost any synchronization.
        We should ensure that the live migration really behaves well by:
        1/ having opush 3.0 running on one server
        2/ install opush 3.0.1-rc on another server
        3/ check that 3.0.1 does not allow synchronization
        4/ upgrade schema via 3.0.1 crash console
        5/ check that opush 3.0.0 still works
        6/ restart opush 3.0.1
        7/ both servers should allow syncing


          People

          • Assignee:
            Thomas HILAIRE
            Reporter:
            Simon ELBAZ
          • Votes:
            0
            Watchers:
            3
