Chris Betts
2012-02-14 23:21:52 UTC
I've stuck in some code to allow 'raw' passwords to be displayed, but as
Trudi says, most of the time this would be useless. *However* if you're
storing plain text passwords, you can make it work (but of course that
would generally be a security risk).
Trudi says, most of the time this would be useless. *However* if you're
storing plain text passwords, you can make it work (but of course that
would generally be a security risk).
---------- Forwarded message ----------
Date: Sat, Feb 11, 2012 at 11:09 AM
Subject: Re: JXplorer advice/help
Hi BlaŸ,
I've tweaked the html display to treat passwords as a text string,
<tr>
<td align="right" valign="top" width="200" class="title">Pwd:</td>
<td width="230">
<input type="text" name="userPassword" value=""/>
</td>
</tr>
<tr>
<td>Pwd (text):</td>
<td><dxtemplate: name='userPassword'></td>
</tr>
However, this will only work for you if the password is actually stored in
the directory as plain text; otherwise you'll see whatever the encoding is
(e.g. if it's base 64 then it will display as base 64)...
Let me know how it works!
cheers,
- Chris
Dr Christopher Betts
Pegacat Software
Melbourne, Australia
m: 0408 533 456
--
Dr Christopher Betts
Pegacat Software
Melbourne, Australia
m: 0408 533 456
Date: Sat, Feb 11, 2012 at 11:09 AM
Subject: Re: JXplorer advice/help
Hi BlaŸ,
I've tweaked the html display to treat passwords as a text string,
<tr>
<td align="right" valign="top" width="200" class="title">Pwd:</td>
<td width="230">
<input type="text" name="userPassword" value=""/>
</td>
</tr>
<tr>
<td>Pwd (text):</td>
<td><dxtemplate: name='userPassword'></td>
</tr>
However, this will only work for you if the password is actually stored in
the directory as plain text; otherwise you'll see whatever the encoding is
(e.g. if it's base 64 then it will display as base 64)...
Let me know how it works!
cheers,
- Chris
**
Hi,
Yes, ldap directory has userPassword attribute stored in plaintext (only
base64 encoded), its to increase its usability for different apps (
http://deployingradius.com/documents/protocols/compatibility.html). Its
used inside ssl/tls tunnels.
This plaintext display inside jxplorer would only be used in html view
for sending user printed(pdf) info about their account (via. standard mail).
In current jxplorer it already does display password in base64 encoding,
if you select type=text for userPassword attribute. It would only need to
be decoded to plain (One of screenshots in previous mail).
Were could be such "custom attribute display plug-in" added ? Is there an
option you would add this funcionality to your jxplorer version? If not,
can you please give me some hints where in the code to add the changes.
Is there an option to create packages for different platforms in the
project from svn? I was going through build.xml, and figured something like
"ant clean build ...." would do the trick.
cheers,
BlaŸD
10.02.2012 21:01, je Chris Betts napisal
Hi BlaŸ,
This is actually very difficult; normally a password value is hashed
into a one way encrypted set of bytes, so the actual plaintext is not
available within the directory at all. Further, the directory schema
specifies the password attribute as 'not a string', so JXplorer is not
expecting to see text for this attribute.
As a general rule, storing plain text passwords is quite dangerous,
and printing them out is also pretty risky?
If you really wanted this functionality we'd have to change some of
the basic behaviour of JXplorer using a 'custom attribute display' plug-in.
cheers,
- Chris
Dr Christopher Betts
Pegacat Software
Melbourne, Australia
m: 0408 533 456
--
LP, BlaŸD
--Hi,
Yes, ldap directory has userPassword attribute stored in plaintext (only
base64 encoded), its to increase its usability for different apps (
http://deployingradius.com/documents/protocols/compatibility.html). Its
used inside ssl/tls tunnels.
This plaintext display inside jxplorer would only be used in html view
for sending user printed(pdf) info about their account (via. standard mail).
In current jxplorer it already does display password in base64 encoding,
if you select type=text for userPassword attribute. It would only need to
be decoded to plain (One of screenshots in previous mail).
Were could be such "custom attribute display plug-in" added ? Is there an
option you would add this funcionality to your jxplorer version? If not,
can you please give me some hints where in the code to add the changes.
Is there an option to create packages for different platforms in the
project from svn? I was going through build.xml, and figured something like
"ant clean build ...." would do the trick.
cheers,
BlaŸD
10.02.2012 21:01, je Chris Betts napisal
Hi BlaŸ,
This is actually very difficult; normally a password value is hashed
into a one way encrypted set of bytes, so the actual plaintext is not
available within the directory at all. Further, the directory schema
specifies the password attribute as 'not a string', so JXplorer is not
expecting to see text for this attribute.
As a general rule, storing plain text passwords is quite dangerous,
and printing them out is also pretty risky?
If you really wanted this functionality we'd have to change some of
the basic behaviour of JXplorer using a 'custom attribute display' plug-in.
cheers,
- Chris
Hello,
We're turning to you for some help with JXplorer. We're trying to use
printing function in jxplorer ldap editor in order to send our users
information about their acount. The problem is because the password value
("Geslo") is only displayed in as (binary value) or in second example
(htmlviewer) as base64 encoded string. Two screenshots are appended in
attachments. How could we display password in plaintext inside htmlview?
Thank you for taking the time to answer our questions. We look forward
to your response.
BlaŸ Divjak,
Arnes
--We're turning to you for some help with JXplorer. We're trying to use
printing function in jxplorer ldap editor in order to send our users
information about their acount. The problem is because the password value
("Geslo") is only displayed in as (binary value) or in second example
(htmlviewer) as base64 encoded string. Two screenshots are appended in
attachments. How could we display password in plaintext inside htmlview?
Thank you for taking the time to answer our questions. We look forward
to your response.
BlaŸ Divjak,
Arnes
Dr Christopher Betts
Pegacat Software
Melbourne, Australia
m: 0408 533 456
--
LP, BlaŸD
Dr Christopher Betts
Pegacat Software
Melbourne, Australia
m: 0408 533 456
--
Dr Christopher Betts
Pegacat Software
Melbourne, Australia
m: 0408 533 456
--
Dr Christopher Betts
Pegacat Software
Melbourne, Australia
m: 0408 533 456
Dr Christopher Betts
Pegacat Software
Melbourne, Australia
m: 0408 533 456