Opush / OP-56

T#10428 Opush 3.0 stores plain password in database

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.1
    • Labels: None
    • Rank: 6243
    • Sprint: Lyon Kanban

      Description

      Opush stores full credentials in Cassandra tables 'synced_collection' and 'monitored_collection'.

      It must only store username.

        Activity

        Simon ELBAZ made changes -
        Field | Original Value | New Value
        Description | Opush stores users' passwords in clear text in the database. | Opush stores plain password in database.
        Simon ELBAZ made changes -
        Summary | T#10428 Opush 3.0 stores the password in clear text in the database | T#10428 Opush 3.0 stores plain password in database
        Matthieu EXT_BAECHLER made changes -
        Fix Version/s | | 3.0.1 [ 12401 ]
        Priority | Normal [ 6 ] | Critical [ 2 ]
        Description | Opush stores plain password in database. | Opush stores full credentials in Cassandra tables 'synced_collection' and 'monitored_collection'. It must only store username.
        Thomas HILAIRE made changes -
        Sprint | | Lyon Kanban [ 21 ]
        Thomas HILAIRE made changes -
        Assignee | Matthieu Baechler [ mbaechler@linagora.com ] | Thomas Hilaire [ thilaire@linagora.com ]
        Thomas HILAIRE made changes -
        Status | Open [ 1 ] | In Progress [ 3 ]
        Matthieu EXT_BAECHLER made changes -
        Status | In Progress [ 3 ] | In Review [ 10001 ]
        Matthieu EXT_BAECHLER added a comment -

        This code is triggered for almost any synchronization.
        We should ensure that the live migration behaves really well by:
        1/ having opush 3.0 running on one server
        2/ install opush 3.0.1-rc on another server
        3/ check that 3.0.1 does not allow synchronization
        4/ upgrade schema via 3.0.1 crash console
        5/ check that opush 3.0.0 still works
        6/ restart opush 3.0.1
        7/ both servers should allow syncing

        Matthieu EXT_BAECHLER made changes -
        Status In Review [ 10001 ] Ready To Merge [ 10002 ]
        Resolution Fixed [ 1 ]
        Matthieu EXT_BAECHLER made changes -
        Status Ready To Merge [ 10002 ] Resolved [ 5 ]
        Stephane COLSON added a comment -

        OK with version 3.0.0-rc3 and synced_collection (for 3.0.0) and synced_collection_v2 (for 3.0.1). But I cannot see any password in monitored_collection.

         user                 | device                                                                                                                                                                      | collection_id | analysed_sync_collection
        ----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
         iphone@obm14.lyn.lng | {"databaseId":3,"devId":{"deviceId":"ApplDNRH7C5UDP0N"},"devType":"iPhone","hints":{"hint.multipleCalendars":"false","hint.loadAttendees":"true"},"protocolVersion":"V121"} |            19 |             {"changes":null,"collectionId":19,"collectionPath":"obm:\\\\iphone@obm14.lyn.lng\\contacts\\-1:users","commands":{},"dataType":"CONTACTS","deletesAsMoves":null,"options":{"bodyPreferences":[{"allOrNone":false,"truncationSize":32768,"type":"PlainText"}],"conflict":1,"deletesAsMoves":true,"filterType":"THREE_DAYS_BACK","mimeSupport":null,"mimeTruncation":null,"truncation":9},"status":"OK","syncKey":{"syncKey":"250ddb50-779e-49ae-955d-5a786e0edb93"},"windowSize":25}
        

        instead of

         credentials                                                                                                                    | device                                                                                                                                                                      | collection_id | analysed_sync_collection
        --------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
         {"password":"toto","user":{"displayName":"iphone","domain":"obm14.lyn.lng","email":"iphone@obm14.lyn.lng","login":"iphone"}} | {"databaseId":3,"devId":{"deviceId":"ApplDNRH7C5UDP0N"},"devType":"iPhone","hints":{"hint.multipleCalendars":"false","hint.loadAttendees":"true"},"protocolVersion":"V121"} |            19 |            {"changes":null,"collectionId":19,"collectionPath":"obm:\\\\iphone@obm14.lyn.lng\\contacts\\-1:users","commands":{},"dataType":"CONTACTS","deletesAsMoves":null,"options":{"bodyPreferences":[{"allOrNone":false,"truncationSize":32768,"type":"PlainText"}],"conflict":1,"deletesAsMoves":true,"filterType":"THREE_DAYS_BACK","mimeSupport":null,"mimeTruncation":null,"truncation":9},"status":"OK","syncKey":{"syncKey":"c46da2b2-e874-4dd8-9e86-ab9e33b3aa64"},"windowSize":25}
        
        Stephane COLSON made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
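
A check for the condition verified in the last comment above, as an added example that is not part of the original issue or Opush's code: it scans exported rows for JSON cells that contain a password-like key and reports only the column path, never the value. The two rows are constructed, shortened from the cqlsh output above; the function names and the key names other than "password" are assumptions.

```python
import json

# Key names treated as secrets. "password" is the key seen in the 3.0.0 row;
# the others are assumptions added for this example.
SECRET_KEYS = {"password", "passwd", "pwd", "secret"}

def _walk(node, path):
    """Yield the JSON path of every secret-named key holding a non-empty value."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key.lower() in SECRET_KEYS and value not in (None, ""):
                yield here
            yield from _walk(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def find_credential_leaks(rows):
    """Return (row_index, json_path) pairs; the secret value is never returned."""
    findings = []
    for index, row in enumerate(rows):
        for column, cell in row.items():
            if not isinstance(cell, str):
                continue  # e.g. collection_id is an int
            try:
                parsed = json.loads(cell)
            except ValueError:
                continue  # plain-text cell such as user = 'iphone@obm14.lyn.lng'
            findings.extend((index, p) for p in _walk(parsed, column))
    return findings

# Constructed sample rows, shortened from the two cqlsh outputs in the comment above.
ROW_3_0_0 = {
    "credentials": '{"password":"toto","user":{"login":"iphone","domain":"obm14.lyn.lng"}}',
    "device": '{"databaseId":3,"devType":"iPhone","protocolVersion":"V121"}',
    "collection_id": 19,
    "analysed_sync_collection": '{"collectionId":19,"dataType":"CONTACTS","status":"OK"}',
}
ROW_3_0_1 = {
    "user": "iphone@obm14.lyn.lng",
    "device": ROW_3_0_0["device"],
    "collection_id": 19,
    "analysed_sync_collection": ROW_3_0_0["analysed_sync_collection"],
}

if __name__ == "__main__":
    for row_index, path in find_credential_leaks([ROW_3_0_0, ROW_3_0_1]):
        print(f"row {row_index}: secret-like key at {path}")
```

Rows written by 3.0.0 stay in the old table after the schema upgrade, so the same scan applies to both 'synced_collection' and 'synced_collection_v2' exports.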

          People

          • Assignee: Thomas HILAIRE
          • Reporter: Simon ELBAZ
          • Votes: 0
          • Watchers: 3
