How to deal with password in the EPerson Rest serialization #30
Comments
I'd like to revisit this ticket as it does seem like a possible minor security issue -- we likely should try to minimize the number of times a password is sent between the client & backend (ideally though that communication is secured behind HTTPS, CORS, etc.).

It seems like we might be able to simply fix this as @abollini originally suggested -- ensure that the password is always excluded from the returned object after a successful PATCH. Does anyone have any objection to that approach, or would it cause any issues for the Angular UI?

@benbosman, @artlowel or @atarix83 -- any immediate thoughts on how to move this old ticket forward? (If we agree that it's just a matter of not returning the new password, we might be able to assign this minor cleanup to the same person who claims DSpace/DSpace#2988 as that involves the same area of the codebase.)
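
The behaviour proposed in the comment above, as an added example that is not DSpace code and not part of the thread: Jackson's write-only property access lets a backend accept a password in the request body while leaving it out of the object it returns. The `EPersonView` class, the merge-style update standing in for the PATCH, and all sample values are assumptions made for illustration.

```java
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

public class WriteOnlyPasswordDemo {

    // Hypothetical REST representation; not the DSpace EPersonRest class.
    public static class EPersonView {
        public String email;

        // WRITE_ONLY: read from an incoming request body,
        // never written when the object is serialized into a response.
        @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
        public String password;
    }

    // Simplified stand-in for a PATCH handler: merge the request body into
    // the stored object, then return the representation sent to the client.
    static String patchAndRespond(ObjectMapper mapper, EPersonView stored,
                                  String patchBody) throws Exception {
        mapper.readerForUpdating(stored).readValue(patchBody);
        // A real backend would hash and persist stored.password here.
        return mapper.writeValueAsString(stored);
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();

        EPersonView stored = new EPersonView();
        stored.email = "user@example.org";                       // constructed sample

        String patchBody = "{\"password\":\"constructed-sample\"}"; // constructed sample
        String responseBody = patchAndRespond(mapper, stored, patchBody);

        // The backend received the new password ...
        if (!"constructed-sample".equals(stored.password)) {
            throw new AssertionError("password was not read from the request");
        }
        // ... but the returned object does not echo it back.
        JsonNode response = mapper.readTree(responseBody);
        if (response.has("password")) {
            throw new AssertionError("password leaked into the response");
        }
        System.out.println(responseBody);
    }
}
```

Running it requires `jackson-databind` on the classpath.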
[DSC-845] Search method showableByItem definition Approved-by: Giuseppe Digilio
From the #29 (comment)