Bug in security setting apps

jlboutin60 · June 5, 2025, 2:44pm

In the security module the password for the SMTP is erase every time something is modify.

The password should not be erase if the field is empty, the code in onValidate should look like this:

if (strlen({smtp_pass}) >= 8) {
	sc_exec_sql($sql . sc_sql_injection({smtp_pass}) 
				. " WHERE set_name=". sc_sql_injection('smtp_pass') );
}

Danilo_Lima · June 5, 2025, 8:05pm

@jlboutin60,

Since this is a text field with the “Password type field” option checked, this is the expected behavior for security reasons.

Is this the “problem” you are facing, or could it be something else?

We look forward to any feedback.

Best regards!

jlboutin60 · June 6, 2025, 11:07am

@Danilo_Lima

Thank you for your quick answer!

Let me explained you what happened

One of my customer decide to change the theme of his program, so he simply went in the settings apps, change the theme and save.

A few hour later he call me panicking that is program doesn’t send email anymore, that he verify with his IT guy and that there were no change in their setup and don’t think that there were change on the Microsoft side (Outlook365).

So I start to investigate to find out that the SMTP password has been erase, he told me that he didn’t go in the SMTP page and that the only thing he has done was to change the default theme.

This is why I consider this a bug, the password shouldn’t be erase because a setting was modified. It should only be overwrite if the field has been fill up.

Best regards!

gbillot3 · June 6, 2025, 12:26pm

Hi @jlboutin60.
To prevent this I saved the password value on load. Then when the user save, if password is empty (not changed) I put before update the original password value.

onValidate

if({clave_mail}!=={smtp_pass} and {smtp_pass}==’’)
{
{smtp_pass}={clave_mail};
}

Regards.

gbillot3 · June 6, 2025, 12:34pm

The other way is to take off Password field option on the field.

jlboutin60 · June 8, 2025, 12:17pm

Thank you Guillermo,

I did fix it with a similar solution, what I want is that Netmake fix this “bug” or “bad design” so I don’t have to fix it every time I start a new project.

rjjacob · June 8, 2025, 7:49pm

I’ve also had to change the line in onValidate for the SMTP Password of the sec_settings app every time I use the Security Module. The form should not delete the password every time some other field is updated. Bad User Experience!

gbillot3 · June 10, 2025, 8:15am

For security reasons the behavior is not show the explicit value, but if the user press to see the value, the value must be there visible. It’s not working, the value is empty, so if the user modify another field/s, the password is empty and the mail sending does not work

Best regards.

Danilo_Lima · June 11, 2025, 6:15pm

Thank you for everyone’s feedback.

I will forward this to the responsible team, and as soon as I receive feedback on the case, we will provide feedback in this thread.

Best regards!