- Notifications
You must be signed in to change notification settings - Fork928
feat: mask coder login token to enhance security#12948
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
@kylecarbs - not sure if i should add some unit tests for this, but i did manually validate that the token still works and is not shown |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
in a future state, we should display*** characters, for a better UX.
@ericpaulsen IIRC, it was the original behavior, and the token was shown after some customer feedback. |
Yeah, hiding the input was changed because users couldn't tell if they were actually pasting into the box or not. I'm in favor of changing it back to secret until we can add in replacing the text with asterisks. |
@coadler - there are various other places where |
Yeah, definitely. |
would be nice to have this resolved for when i do demos. |
@ericpaulsen is there a decision on how to handle the secret being printed? |
Uh oh!
There was an error while loading.Please reload this page.
Masks the coder token when pasting it after the
coder login.When doing public demos of coder this can be an awkard moment...