[PATCH 2 of 8] admin: e-mail: remove display of SMTP password

Mads Kiilerich mads at kiilerich.com
Thu Jul 23 15:20:50 UTC 2015


On 07/23/2015 05:11 PM, Thomas De Schampheleire wrote:
> On Thu, Jul 23, 2015 at 2:11 PM, Mads Kiilerich <mads at kiilerich.com> wrote:
>> On 07/22/2015 09:50 PM, Thomas De Schampheleire wrote:
>>> # HG changeset patch
>>> # User Thomas De Schampheleire <thomas.de.schampheleire at gmail.com>
>>> # Date 1437508363 -7200
>>> #      Tue Jul 21 21:52:43 2015 +0200
>>> # Node ID f219f0a41f57655dd2125c9371db9ee1ac217a4b
>>> # Parent  27fbaba10257132c1087a3dc7f7c2bdfd4b5ab9e
>>> admin: e-mail: remove display of SMTP password
>>>
>>> It is quite useless, and in a way a security leak, to display the length of
>>> the SMTP password when showing the e-mail settings.
>>> Removing any reference to the SMTP password has the additional advantage of
>>> making subsequent cleanup on this page easier.
>>
>> I don't really know how valuable it is to show .ini values in the UI (there
>> are a lot of other settings we don't show - we either should or shouldn't)
> I hadn't considered it, but I think you're right: it is not very
> valuable to show the .ini values in the UI. The main use case I can
> think of is to verify whether the .ini file you were changing is
> really picked up by the application (which could be handled by making
> the path to the .ini file available in the admin UI), or specifically
> whether the settings you configured are actually picked up by the
> application (guarding against typos, for example). The latter is
> however difficult, because some settings are really intended for other
> components than Kallithea, and it is difficult/fragile to enlist them
> all.
>
> In any case, as you say, we shouldn't make an exception for the e-mail settings.
>
> So, my suggestions are:
> 1. remove the e-mail settings from the UI (leaving only the test
> functionality), and make no further changes
> 2. or, remove the e-mail settings from the UI, and add the path to or
> name of the .ini file in some location. In this case, suggestions for
> a good location in the UI are welcome.

Yes, the .ini path would be very nice (of course only shown to admins
who probably have more or less direct access to it).

System Info already shows git_path and could perhaps also show the path.

Alternatively, more settings could move from .ini to settings in the 
app. That will probably be more "user friendly". Some settings are more 
suitable for that than others.

/Mads
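
An added example, not part of the thread or of Kallithea's code: one way an admin-only page could list .ini values while showing the .ini path and replacing secrets with a constant placeholder, so neither the SMTP password nor its length is rendered. The section name, option names, marker list, sample file and path are constructed assumptions.

```python
import configparser

# Constructed sample; section and option names are assumptions for illustration.
SAMPLE_INI = """\
[app:main]
smtp_server = mail.example.com
smtp_port = 25
smtp_username = kallithea
smtp_password = correct-horse-battery
app_email_from = noreply@example.com
"""

# Hypothetical policy: option names containing these words are never displayed.
SECRET_MARKERS = ("password", "secret", "token", "key")
PLACEHOLDER = "(set, hidden)"   # constant text, independent of the secret's length
UNSET = "(not set)"


def is_secret(name):
    """Treat any option whose name contains a secret marker as sensitive."""
    lowered = name.lower()
    return any(marker in lowered for marker in SECRET_MARKERS)


def displayable_settings(ini_text, section, ini_path):
    """Return (name, value) rows for an admin-only settings page.

    Secret values are replaced before they reach any template, and the
    .ini path is included so an admin can confirm which file was loaded.
    """
    # interpolation=None: values such as %(here)s are shown as written.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    rows = [("ini_path", ini_path)]
    for name, value in parser.items(section):
        if is_secret(name):
            value = PLACEHOLDER if value else UNSET
        rows.append((name, value))
    return rows


if __name__ == "__main__":
    # The path below is a constructed example value.
    for name, value in displayable_settings(
            SAMPLE_INI, "app:main", "/srv/kallithea/my.ini"):
        print(f"{name:16} {value}")
```
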


More information about the kallithea-general mailing list