LDAP credentials stored in plain text


#1

Hi,
I have a client who is using LDAP authentication in Metabase who has discovered that the LDAP user / password is stored in plain text in the Metabase DB file.

I instructed him to encrypt the db file using
set MB_ENCRYPTION_SECRET_KEY=’???=’

Although this encrypts the db connection, it leaves the LDAP credentials exposed.

Here is his “Get Help” request, but as yet he has had no real acknowledgement of the issue.

Can someone please

  1. Let me know if this is a known issue
  2. Give details of any possible work around
  3. If accepted as a bug, give a timeline on when it will be rectified?

Thanks
John