
Refreshing "Show Configuration" invalidates host secret

Open mvglasow opened this issue 8 years ago • 4 comments

A few days ago I signed up for nsupdate.info and registered a host, then configured it with the settings on the "Show Configuration" page. I kept the browser tab open so I could go back in case I needed to do troubleshooting (which turned out to be necessary, after suffering from #207), blissfully unaware that I was resetting the secret on every browser restart (or whenever that URL was requested). It was only by coincidence that I discovered this, as there is no warning when reaching this page after configuring a new host.

I'd suggest changing the logic so that simply refreshing this page will not reset the secret. I understand that host secrets are stored in hashed form server-side, so there is no way to show the secret without regenerating it. Suggestion: when the page is loaded, show the full configuration but, instead of the secret, show a button "Regenerate secret" which the user has to click in order to regenerate the secret and see it.

mvglasow, Jul 02 '16 23:07
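The behaviour suggested in the post above, as an added sketch that is not nsupdate.info's own code: a plain page load never touches the stored hash, and only an explicit "Regenerate secret" POST rotates the secret and shows it once. The host table, field names, URL and handler signature are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Constructed in-memory host table standing in for the database (hypothetical names).
HOSTS = {"myhost.example.org": {"salt": b"", "secret_hash": b""}}


def _hash(secret, salt):
    # Only a salted hash is kept, so the plaintext can never be redisplayed later.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def regenerate_secret(fqdn):
    """Create a new secret, store its hash, return the plaintext exactly once."""
    secret = secrets.token_urlsafe(16)
    salt = os.urandom(16)
    HOSTS[fqdn].update(salt=salt, secret_hash=_hash(secret, salt))
    return secret


def check_secret(fqdn, candidate):
    """Verify an update client's secret against the stored hash."""
    host = HOSTS[fqdn]
    return hmac.compare_digest(_hash(candidate, host["salt"]), host["secret_hash"])


def show_configuration(method, fqdn, form=None):
    """GET has no side effects; only an explicit POST rotates the secret."""
    config = {
        "hostname": fqdn,
        "update_url": "https://updater.example/update",  # constructed placeholder
        "secret": None,  # rendered as a "Regenerate secret" button instead
    }
    if method == "POST" and (form or {}).get("regenerate") == "1":
        # The old secret stops working here; the new one appears in this response only.
        config["secret"] = regenerate_secret(fqdn)
    return config
```

In a real web view the POST branch would also sit behind the site's login and CSRF checks, so a third-party page cannot trigger a rotation.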

That it generates a new secret when invoked is documented and IIRC also pointed out on the user interface.

It can not show the configurations without access to a secret as the secret is part of the configurations.

So, just don't keep that view open?

ThomasWaldmann, Jul 02 '16 23:07

There is a hint when you show the configuration for an existing server, but not when you reach that page by adding a new server. Also, I'm not aware of an easy way to view the configuration parameters without resetting the secret.

> It can not show the configurations without access to a secret as the secret is part of the configurations.

Wouldn't it be technically possible to show all configuration data other than the secret? I'd be surprised if there was no way to do this... and it'd still come in handy when something goes wrong and a user wants to rule out any other errors, such as mis-typed URLs, user names and the like...

mvglasow, Jul 03 '16 20:07

See also #303.

Yes, we could show an incomplete (without password) configuration without generating a new password.

ThomasWaldmann, Apr 04 '17 21:04

Just did a writeup on a feature request and before hitting send I see 'similar issues', and it turns out this was already asked for (and, given in this thread, the link to #303 is asking for the same thing) - it seems like a common ask to get config instructions separate from password/private secret... Hope the devs can consider it, as it would make things easier.

kellytrinh, Apr 22 '20 09:04