Ticket #1484886 (closed Feature Requests: fixed)

Opened 6 months ago

Last modified 4 months ago

Make password fields into the installer being of type="password"

Reported by: devym Owned by:
Priority: 5 Milestone: 0.2-alpha
Component: Installer Version: svn-trunk
Severity: minor Keywords: security
Cc:

Description

I think should be better that all password fields into the installer will be of type="password" instead of type="text".

I provide a patch for this.

Attachments

InstallerPasswordField.patch (1.1 kB) - added by devym 6 months ago.

Change History

Changed 6 months ago by devym

follow-up: ↓ 2   Changed 6 months ago by thomasb

Field value in HTML source should be replaced by some "****" as well then

in reply to: ↑ 1   Changed 6 months ago by devym

Are you saying to change this: 

<input name="_dbpass" size="20" id="cfgdbpass" value="pass" type="password" />

with this?: 

<input name="_dbpass" size="20" id="cfgdbpass" value="****" type="password" />

The field value is populated from the example config file db.inc.php.dist and if you want to replace it with some "****" you have to do into the config file.
It isn't useful, IMHO.

  Changed 5 months ago by till

  • milestone changed from 0.1.1 to later

Why is this needed?

I think it's less convenient and just adds to the probability that user's put in a wrong password.

  Changed 5 months ago by till

  • type changed from Bugs to Feature Requests

  Changed 5 months ago by thomasb

  • keywords security added
  • component changed from Security issue to Installer

  Changed 4 months ago by alec

  • status changed from new to closed
  • resolution set to fixed
  • milestone changed from later to 0.1.2

Fixed in r1375.

Note: See TracTickets for help on using tickets.