[PATCH 2 of 8] admin: e-mail: remove display of SMTP password

Thomas De Schampheleire patrickdepinguin at gmail.com
Thu Jul 23 15:11:14 UTC 2015


On Thu, Jul 23, 2015 at 2:11 PM, Mads Kiilerich <mads at kiilerich.com> wrote:
> On 07/22/2015 09:50 PM, Thomas De Schampheleire wrote:
>>
>> # HG changeset patch
>> # User Thomas De Schampheleire <thomas.de.schampheleire at gmail.com>
>> # Date 1437508363 -7200
>> #      Tue Jul 21 21:52:43 2015 +0200
>> # Node ID f219f0a41f57655dd2125c9371db9ee1ac217a4b
>> # Parent  27fbaba10257132c1087a3dc7f7c2bdfd4b5ab9e
>> admin: e-mail: remove display of SMTP password
>>
>> It is quite useless, and in a way a security leak, to display the length of
>> the SMTP password when showing the e-mail settings.
>> Removing any reference to the SMTP password has the additional advantage of
>> making subsequent cleanup on this page easier.
>
>
> I don't really know how valuable it is to show .ini values in the UI (there
> are a lot of other settings we don't show - we either should or shouldn't)

I hadn't considered it, but I think you're right: it is not very
valuable to show the .ini values in the UI. The main use case I can
think of is to verify whether the .ini file you were changing is
really picked up by the application (which could be handled by making
the path to the .ini file available in the admin UI), or specifically
whether the settings you configured are actually picked up by the
application (guarding against typos, for example). The latter is
however difficult, because some settings are really intended for other
components than Kallithea, and it is difficult/fragile to enlist them
all.

In any case, as you say, we shouldn't make an exception for the e-mail settings.

So, my suggestions are:
1. remove the e-mail settings from the UI (leaving only the test
functionality), and make no further changes
2. or, remove the e-mail settings from the UI, and add the path to or
name of the .ini file in some location. In this case, suggestions for
a good location in the UI are welcome.

What do you think?

/Thomas

