Bug 88232 - UI - provide an option to hide JDBC URL and connection parameters in status bar
Summary: UI - provide an option to hide JDBC URL and connection parameters in status bar
Status: RESOLVED INVALID
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Base
Version: 4.4.0.1 rc (earliest affected)
Hardware: Other All
: medium normal
Assignee: Not Assigned
Reported: 2015-01-09 11:32 UTC by cpohle
Modified: 2015-10-14 19:48 UTC

Attachments
Display of the full JDBC connection string in Base's status bar (16.15 KB, image/png)
2015-01-09 11:32 UTC, cpohle
db connection parameters (43.16 KB, image/png)
2015-01-09 14:28 UTC, Alex Thurgood

Description cpohle 2015-01-09 11:32:16 UTC
Created attachment 112003
Display of the full JDBC connection string in Base's status bar

Sometimes it is appropriate to store the password for a database connection as part of the JDBC connection string, so the user with (ideally legitimate) access to an odb-file can query a remote database without the need to supply the password.

However, LO Base prints the full JDBC connection string in the application window's status bar, so other people passing by the screen are able to read the cleartext password (see the attached screenshot).

Though that would not provide any "real" security, this information disclosure seems unnecessary. As a solution, there should be a setting allowing a user to disable the display of the JDBC connection string altogether, or any sensitive information like password and possibly user name should be obfuscated in the status bar, e.g. by printing just a "*" instead.
Comment 1 Alex Thurgood 2015-01-09 14:28:28 UTC
Created attachment 112010
db connection parameters
Comment 2 Alex Thurgood 2015-01-09 14:29:27 UTC
Cannot reproduce on my master build on OSX 10.10.1

using build 

Version: 4.5.0.0.alpha0+
Build ID: 9dbac35b1e55c49b2f1e595f4dfe3437c3fedb58
Locale: fr_
Comment 3 Alex Thurgood 2015-01-09 14:34:10 UTC
As you can see from the attached screenshot, the only string I see is the db name followed by any optional connection parameters. You should not be putting id and password combos directly in here, but rather use the separate dialog provided for that purpose.

@cpohle: please provide jdbc connector version (just in case it makes a difference, but I doubt it), and please tell us how you set up your connection to the db - I'm assuming via the wizard?

Setting to NEEDINFO pending requested information.

Please set back to UNCONFIRMED once you have provided the requested information.
Comment 4 Alex Thurgood 2015-01-09 14:37:01 UTC
At best, this might be considered as a request for enhancement, but I doubt the rationale and development effort in providing a UI switch to turn on/off the display of the string in the main db window for someone who has hard coded the pwd/id combo into the connection string. However, I'm not a developer.
Comment 5 Alex Thurgood 2015-01-09 14:38:48 UTC
Changing title to reflect the request as I understand it from initial posting.
Comment 6 Alex Thurgood 2015-01-09 14:41:16 UTC
I notice from your screenshot that you are accessing the mysql db via the general jdbc setup rather than the mysql(jdbc) setup. Why?
Comment 7 Alex Thurgood 2015-01-09 14:42:36 UTC
Since we have a separate UI for creating a mysql jdbc connector, I'm wondering whether this is even a valid request.
Comment 8 Alex Thurgood 2015-01-09 14:43:02 UTC
(In reply to Alex Thurgood from comment #7)
> Since we have a separate UI for creating a mysql jdbc connector  connection, I'm
> wondering whether this is even a valid request.
Comment 9 cpohle 2015-01-09 20:00:29 UTC
(In reply to Alex Thurgood from comment #3)
> As you can see from the attached screenshot, the only string I see is the db
> name followed by any optional connection parameters. You should not be
> putting id and password combos directly in here, but rather use the separate
> dialog provided for that purpose.

You're right. But to the best of my knowledge, providing authentication data as part of the connection string is the only way to prevent the user from having to enter the password every time he wants to access the database, e.g. for grabbing an address for a mail-merge in Writer.

I understand that this approach is terrible from a security perspective, but it's viable as a compromise in certain usage scenarios (e.g. when access to the odb file can be restricted by other means).
Comment 10 cpohle 2015-01-09 20:02:40 UTC
(In reply to Alex Thurgood from comment #6)
> I notice from your screen shot that you are accessing the mysql db via the
> general jdbc setup rather than the mysql(jdbc) setup. Why ?

This setup was just used for the screenshot. We use other (commercial) db systems, for which only JDBC drivers are provided.
Comment 11 cpohle 2015-01-09 20:03:19 UTC
(In reply to Alex Thurgood from comment #7)
> Since we have a separate UI for creating a mysql jdbc connector, I'm
> wondering whether this is even a valid request.

Please see my comment #10 for a reply.
Comment 12 cpohle 2015-01-09 20:13:36 UTC
(In reply to Alex Thurgood from comment #4)
> At best, this might be considered as a request for enhancement, but I doubt
> the rationale and development effort in providing a UI switch to turn on/off
> the display of the string in the main db window for someone who has hard
> coded the pwd/id combo into the connection string. However, I'm not a
> developer.

I'm not a developer, either. However, I think a static regex-replace against the connection string before displaying it in the status bar would suffice to solve this issue.
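
The regex-replace suggested in comment #12, sketched as an added example (not part of the bug thread and not LibreOffice code): `redactJdbcUrl` is a hypothetical helper, and the host names and credentials are constructed. It uses three patterns rather than one because JDBC drivers place credentials in different parts of the URL (query or `;` properties, `user:password@` before the host, and the Oracle thin `user/password@` form).

```cpp
#include <iostream>
#include <regex>
#include <string>

// Hypothetical helper (assumption, not a LibreOffice API): returns a copy of
// a JDBC URL that can be shown in a status bar without exposing credentials.
std::string redactJdbcUrl(const std::string& url)
{
    using std::regex;
    const auto flags = regex::ECMAScript | regex::icase;

    // 1. key=value properties after '?', '&' or ';'
    //    (e.g. MySQL query parameters, SQL Server ';' properties).
    static const regex kvSecret(
        R"(([?&;](?:password|pwd|pass|user|username|uid)=)[^&;]*)", flags);

    // 2. user:password@ placed before the host, e.g. jdbc:mysql://u:p@host/db
    static const regex userInfo(R"((://)[^/@?;]+@)", flags);

    // 3. Oracle thin form: jdbc:oracle:thin:user/password@host:1521:sid
    static const regex oracleThin(R"((jdbc:oracle:thin:)[^@/]+/[^@]+@)", flags);

    // Keep the key or prefix ($1) and print a single '*' for the value,
    // as proposed in the bug description.
    std::string out = std::regex_replace(url, kvSecret, "$1*");
    out = std::regex_replace(out, userInfo, "$1*@");
    out = std::regex_replace(out, oracleThin, "$1*@");
    return out;
}

int main()
{
    // Constructed sample URLs; none of them come from the bug report.
    const char* samples[] = {
        "jdbc:mysql://db.example.test:3306/crm?user=alice&password=s3cr3t&useSSL=true",
        "jdbc:sqlserver://db.example.test:1433;databaseName=crm;user=alice;password=s3cr3t;",
        "jdbc:mysql://alice:s3cr3t@db.example.test/crm",
        "jdbc:oracle:thin:alice/s3cr3t@db.example.test:1521:ORCL",
        "jdbc:mysql://db.example.test/crm",
    };
    for (const char* s : samples)
        std::cout << redactJdbcUrl(s) << '\n';
    return 0;
}
```

Masking only affects what is displayed: the password is still stored in clear text inside the .odb file, so restricting access to the file remains necessary.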
Comment 13 QA Administrators 2015-09-04 02:55:47 UTC
Dear Bug Submitter,

This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INVALID due to lack of needed information.

For more information about our NEEDINFO policy please read the wiki located here: 
https://wiki.documentfoundation.org/QA/FDO/NEEDINFO

If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed.


Thank you for helping us make LibreOffice even better for everyone!


Warm Regards,
QA Team

This NEEDINFO message was generated on: 2015-09-03
Comment 14 QA Administrators 2015-10-14 19:48:46 UTC
Dear Bug Submitter,

Please read this message in its entirety before proceeding.

Your bug report is being closed as INVALID due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided):

a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present

b) Provide easy to reproduce steps – the simpler the better

c) Provide any test case(s) which will help us confirm the problem

d) Provide screenshots of the problem if you think it might help

e) Read all comments and provide any requested information

Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. 
Please do not:
a) respond via email 
b) update the version field in the bug or any of the other details on the top section of FDO

Message generated on: 2015-10-14