[COMPASS-6161] Hide password during screenshares / Zoom Hide password when in Editing connection string > Editing password mode Created: 04/Oct/22 Updated: 29/Oct/23 Resolved: 16/May/23 |
|
| Status: | Closed |
| Project: | Compass |
| Component/s: | Security |
| Affects Version/s: | 1.33.1 |
| Fix Version/s: | 1.37.0 |
| Type: | Task | Priority: | Critical - P2 |
| Reporter: | Felicia Hsieh | Assignee: | Basit Chonka |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
macOS 12.6 |
||
| Attachments: |
|
||||||||||||||||||||
| Issue Links: |
|
||||||||||||||||||||
| Story Points: | 3 | ||||||||||||||||||||
| Documentation Changes: | Needed | ||||||||||||||||||||
| Documentation Changes Summary: | We only show the password when user is focused on the input field. |
||||||||||||||||||||
| Sprint: | Iteration Brontosaurus | ||||||||||||||||||||
| Description |
Problem Statement/RationaleWhat is going wrong? What action would you like the Engineering team to take? Please be sure to attach relevant logs with any sensitive data redacted. Password can still be seen when in during screenshares / Zoom Hide password when in Editing connection string mode>Editing password mode. Password should be hidden. There needs to be a 2nd level of protection. Steps to Reproduce How could an engineer replicate the issue you’re reporting? Edit a connection string > Edit the password field. Look at the URI (connection string) field. Expected ResultsWhat do you expect to happen? Password to remain hidden with "*****" until intentionally revealed at another level. As a suggestion, other websites use the "eye" icon like https://www.csestack.org/hide-show-password-eye-icon-html-javascript/ Actual ResultsWhat do you observe is happening? As the password field is edited in editing connection string mode, the password is revealed on the connection string field. Additional NotesAny additional information that may be useful to include. Reported by a customer |
| Comments |
| Comment by Githook User [ 22/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: feat(connection-form): show password only when user focuses on input Co-authored-by: Sergey Petushkov <petushkov.sergey@gmail.com> |
| Comment by Githook User [ 20/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: feat(connection-form): show password only when user focuses on input Co-authored-by: Sergey Petushkov <petushkov.sergey@gmail.com> |
| Comment by Githook User [ 18/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: feat(connection-form): show password only when user focuses on input Co-authored-by: Sergey Petushkov <petushkov.sergey@gmail.com> |
| Comment by Githook User [ 17/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: feat(connection-form): show password only when user focuses on input Co-authored-by: Sergey Petushkov <petushkov.sergey@gmail.com> |
| Comment by Githook User [ 17/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: feat(connection-form): show password only when user focuses on input Co-authored-by: Sergey Petushkov <petushkov.sergey@gmail.com> |
| Comment by Githook User [ 16/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: feat(connection-form): show password only when user focuses on input Co-authored-by: Sergey Petushkov <petushkov.sergey@gmail.com> |
| Comment by Githook User [ 16/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: feat(connection-form): show password only when user focuses on input Co-authored-by: Sergey Petushkov <petushkov.sergey@gmail.com> |
| Comment by Githook User [ 15/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: Merge branch 'main' into |
| Comment by Githook User [ 12/May/23 ] |
|
Author: {'name': 'Basit', 'email': '1305718+mabaasit@users.noreply.github.com', 'username': 'mabaasit'}Message: Merge branch 'main' into |
| Comment by Anna Henningsen [ 02/Nov/22 ] |
|
felicia.hsieh@mongodb.com Please note that we are also introducing a protectConnectionStrings mode, which may or may not be a viable solution for the customer. See |