Security concerns #57
Comments
|
@synedra I cross-posted your issue over on drupal.org https://www.drupal.org/node/2738995 |
|
Hi Synedra, Thanks for your report. I am reviewing your concerns and will respond shortly. It's probably best to keep discussion on Drupal.org - would you mind registering for an account there? The link arknoll provided above is my preffered place to respond. |
|
Replied on Drupal.org thread: https://www.drupal.org/node/2738995#comment-11256377 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I've got serious concerns about the security of this module. If someone puts their credentials in the UI, they're sending them in the clear, and if a large company did this, they would be exposing the company, and Akamai, to serious issues. Additionally, anyone who can see the database (are the credentials stored in the clear like Wordpress?) can access the credentials.
It would be much better to instruct people to send the credentials to the system via sftp. It may be more of an issue, but it would be better than what's being done now. It's critically important that these credentials be protected, and without HTTPS and database protection, the users should access this file as an sftp target.
Our security folks will likely have serious issues with this as well.
Kirsten Hunter
API Evangelist, Akamai
The text was updated successfully, but these errors were encountered: