Severity: Warning
File: src/Servy/Models/ServiceConfiguration.cs, lines 160–163
Description:
Password and ConfirmPassword are plain string properties with no [JsonIgnore] / [XmlIgnore] attributes. When this model is serialized to XML or JSON (used for import/export), both fields are included in the serialized output — meaning exported config files contain the service account password in plain text.
This is a confidentiality risk if users share or back up exported configuration files.
Suggested fix:
Add [JsonIgnore] and [XmlIgnore] attributes to both password fields, or encrypt them during serialization.
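A sketch of the first suggested fix, as an added example that is not Servy's own code: a hypothetical stand-in for the model with both attributes applied, plus a check that neither export format carries the password. It assumes System.Text.Json for JSON (Newtonsoft.Json has an attribute of the same name); the Name property and the sample values are constructed.

```csharp
using System;
using System.IO;
using System.Text.Json;
using System.Text.Json.Serialization;
using System.Xml.Serialization;

// Hypothetical stand-in for the reported model. Only Password and
// ConfirmPassword come from the report; Name is constructed.
public class ServiceConfiguration
{
    public string Name { get; set; }

    // Excluded from both serializers, so exports never contain them.
    [JsonIgnore, XmlIgnore]
    public string Password { get; set; }

    [JsonIgnore, XmlIgnore]
    public string ConfirmPassword { get; set; }
}

public static class ExportCheck
{
    public static string ToJson(ServiceConfiguration c) => JsonSerializer.Serialize(c);

    public static string ToXml(ServiceConfiguration c)
    {
        var serializer = new XmlSerializer(typeof(ServiceConfiguration));
        using (var writer = new StringWriter())
        {
            serializer.Serialize(writer, c);
            return writer.ToString();
        }
    }

    public static void Main()
    {
        const string secret = "constructed-sample-secret"; // constructed value
        var config = new ServiceConfiguration
        {
            Name = "DemoService", Password = secret, ConfirmPassword = secret
        };

        // Neither the secret nor the property names may appear in an export.
        foreach (var output in new[] { ToJson(config), ToXml(config) })
        {
            if (output.Contains(secret) || output.Contains("Password"))
                throw new InvalidOperationException("Password leaked into export.");
        }
        Console.WriteLine("Exports contain no password fields.");
    }
}
```

Both attributes also skip the properties on deserialization, so an imported configuration arrives with an empty password that has to be re-entered.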