Webdav password visible in source

  • I noticed that the webdav password is visible in the page source just by inspecting the password element. Seems as a security problem to me.
    What do you think about this?

Viewing 1 replies (of 1 total)

  • The password is being saved in the database, so if somebody wants to access it, even if we hide it from source, it can be found. Ideally, as with the rest of the Remote Storage options, you should create a webdav login related only to your site backup resources without giving permissions to other data.

    But you are correct, XCloner should encode the saved remote storage credentials in the database, so i will add this to the next release.

    If you have other option to make this more secure, please let us know.

Viewing 1 replies (of 1 total)
  • The topic ‘Webdav password visible in source’ is closed to new replies.