dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(central-ui): never render DB connection strings on Integration Definitions list

Browse Source 
Connection strings carry credentials; the Database Connections tab rendered the
full string (text + title tooltip) for any Design/Admin user. Replace with a
non-sensitive 'hidden — edit to view' hint so it never reaches the browser DOM.
Connection strings remain editable on the create/edit form. Adds a bUnit
regression guard asserting the seeded secret is absent from the rendered list.
This commit is contained in:
Joseph Doherty
2026-06-17 10:44:43 -04:00
parent af54c8ad11
commit c2e89e9d40
2 changed files with 75 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/ExternalSystems.razor
+2 -1
View File
@@ -245,7 +245,8 @@
</div>
</div>
</div>
<p class="small text-muted text-truncate mb-1" title="@dc.ConnectionString">@dc.ConnectionString</p>
@* Connection strings carry credentials — never rendered here (not even for admins). Shown only on the create/edit form. *@
<p class="small text-muted fst-italic mb-1">Connection string hidden — edit to view</p>
<div>
<span class="badge bg-light text-dark me-1">Max @dc.MaxRetries retries</span>
<span class="badge bg-light text-dark">Delay @dc.RetryDelay.TotalSeconds s</span>