I have…
- Checked the logs and have uploaded a log file and provided a link because I found something suspicious there. Please do not post the log file in the topic because very often something important is missing.
I’m submitting a…
- Regression (a behavior that stopped working in a new release)
- Bug report
- Performance issue
- Documentation issue or request
Current behavior
Unencrypted passwords in exported data.
Expected behavior
The password is encrypted.
Minimal reproduction of the problem
- Create a rule with a mail and configure it
- Export configuration using
sq sync out ...
- Open exported rule in an editor
Environment
- Self hosted with docker
- Self hosted with IIS
- Self hosted with other version
- Cloud version
Version: 7.8.2
Browser:
- Chrome (desktop)
- Chrome (Android)
- Chrome (iOS)
- Firefox
- Safari (desktop)
- Safari (iOS)
- IE
- Edge
Others:
none
A solution could be to require a password when exporting the data to encrypt sensitive data. The user would then need to provide it when importing the data. The tool could also generate a password during export and show it to the user.
For convenience, the tool could derive a password from the current system or use the data protection API in .NET. But this would require the user to use the same system or user account for import.