Feature Requests
Share ideas, discuss and vote on requests from other users in community

Decrypted hosting password should not be a template variable

v1ktor shared this idea 3 months ago
Under Consideration

I was working on product details page and noticed that {debug} was displaying decrypted hosting password, under {$password}. Password shouldn't be Smarty variable, especially in plaintext. It is encrypted in the database, it shouldn't be displayed or available in plaintext like this. It is included in 2 template variables, $moduleParams and $password.

I saw in another thread that in Six theme password is not displayed, so this needs to be removed. There's absolutely no reason to have that password as template variable.

Here's an example screenshot that uses dummy password on our dev instance.

This needs to be corrected ASAP. Password should only be retrieved using DecryptPassword API command by the developer when they need to, decrypted password should not be floating around for no reason.