Clear Text Password

Question

Clear Text Password

harrezzebra opened this issue 2 months ago · comments

Harshvardhan Gupta commented 2 months ago

Harbor should support hashed passwords such as outputed from openssl passwd, instead of clear text.

stonezdj(Daojun Zhang) · Answer 1 · Fri May 24 2024 16:59:07 GMT+0800 (China Standard Time)

can you please detail the requirement?

Harshvardhan Gupta · Answer 2 · Sun May 26 2024 14:48:48 GMT+0800 (China Standard Time)

One of our ISSP recommends, plain text password should not visible during burpsuite intercepting. login password must be hashed before it's being handed over to TLS/SSL for client server communication.

stonezdj(Daojun Zhang) · Answer 3 · Mon May 27 2024 16:35:14 GMT+0800 (China Standard Time)

The password is sent by TLS, we consider it is safe to to communicate. please share the link of the ISSP recommends

Shengwen YU · Answer 4 · Mon May 27 2024 16:36:45 GMT+0800 (China Standard Time)

The statement login password must be hashed before it's being handed over to TLS/SSL for client server communication is defined in any spec/regulation?