[GH-ISSUE #303] Differentiate between show configuration and create new configuration/password #239

New issue

Closed

opened 2026-02-26 09:36:51 +03:00 by kerem · 2 comments

kerem commented

2026-02-26 09:36:51 +03:00

Owner

Originally created by @tobiasstein on GitHub (Mar 14, 2017).
Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/303

Please change the default behavior of the "Show Configuration" button inside of a configured host,
to not generate a new secret and introduce a new button to generate a new secret.

Restoring the old password in the database (triggering the python code) is not a common task for every body and requires to memorize the secret. If there is no possibility to access and change a client's password remotely, administrators have to visit the site and configure the device directly, which generally leads to some overhead. :-)

👍

Originally created by @tobiasstein on GitHub (Mar 14, 2017). Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/303 **Please** change the default behavior of the "Show Configuration" button inside of a configured host, to not generate a new secret and introduce a new button to generate a new secret. Restoring the old password in the database (triggering the python code) is not a common task for every body and requires to memorize the secret. If there is no possibility to access and change a client's password remotely, administrators have to visit the site and configure the device directly, which generally leads to some overhead. :-) 👍

kerem closed this issue

2026-02-26 09:36:51 +03:00

kerem commented

2026-02-26 09:36:52 +03:00

Author

Owner

@ThomasWaldmann commented on GitHub (Mar 14, 2017):

So, how would you generate a config (which includes the password) without generating a new password?

We can't show the old password as we do not store the password in plaintext.

@ThomasWaldmann commented on GitHub (Mar 14, 2017): So, how would you generate a config (which includes the password) without generating a new password? We can't show the old password as we do not store the password in plaintext.

kerem commented

2026-02-26 09:36:52 +03:00

Author

Owner

@ThomasWaldmann commented on GitHub (Apr 4, 2017):

@tobiasstein did you read my comment?

I am open to ideas, but I think showing a complete configuration without creating a new password is not possible without violating security best practices.

Also, showing a configuration should only be needed if you currently (re)configure a device or a software.

@ThomasWaldmann commented on GitHub (Apr 4, 2017): @tobiasstein did you read my comment? I am open to ideas, but I think showing a complete configuration without creating a new password is not possible without violating security best practices. Also, showing a configuration should only be needed if you currently (re)configure a device or a software.

kerem referenced this issue

2026-02-26 10:31:26 +03:00

[PR #239] [MERGED] fixes #213 #424