Jump to content

[Plugin infrastructure] Passing password from WebUI to plugin without logging


nick5429

Recommended Posts

I'd like to request some sort of mechanism to pass arguments (e.g., passwords) from a plugin's WebUI page to the plugin's scripts without logging the string in the syslog.

 

I'm working on an encryption plugin which needs to pass an encryption password/key from an input field to the backend scripts to mount/encrypt/decrypt a volume, and the unraid 6.1+ plugin system seems to log all parameters.  It seems inappropriate to log that password/key.

 

Perhaps for these fields, they can be passed from the form submission in "redactN" arguments that get logged as "*****" or "[REDACTED_FIELD]" instead of "argN" arguments -- and always present the "redact" variables contiguously after all the "arg" variables to the underlying script?

Link to comment
  • 1 month later...

I have an updated encryption plugin for 6.x that I'd like to release.  Encryption has been a widely requested feature on unraid for many years that hasn't received any real first party traction.  An encfs implementation isn't nearly as good as a proper solution that lives below the unraid layer, but could help bridge the gap until real disk encryption is implemented for unraid.

 

However -- I'm not comfortable putting up a "release" of an encryption plugin which logs its password.  This just provides a false sense of security, which is arguably worse than none at all.

 

I wanted to bump this up and request its inclusion ASAP or in the upcoming 6.3 please?

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...