Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#12479 closed defect (bug) (fixed)

User-specified password displaying during install

Reported by: Ribbontree
Owned by: dd32
Milestone: 3.0
Priority: normal
Severity: normal
Version: 3.0
Component: Upgrade/Install
Keywords:
Focuses:
Cc:


I appreciate the improvement that users are prompted to choose their own password. However, I think there has been an oversight with this change.
Historically it has been essential to display the password onscreen, because the user did not specify it.

I believe it is now dangerous to continue displaying a user's own specified password. It is obscured with an <input type="password" /> field, so one would not expect it to be visible on a subsequent page.
Many people use their passwords for several different sites; to display this password on screen, when it was originally obscured, is likely to upset people who weren't expecting this behaviour.

Tested in nightly build downloaded approximately 21 hours ago.

Change History (3)

#1 @nacin
6 years ago

  • Component changed from General to Upgrade/Install
  • Milestone changed from Unassigned to 3.0
  • Owner set to dd32

Agree. This was pointed out in the original ticket, we just haven't gotten around to it yet.

I'll leave this open for now even though it can be handled in #10396 (the main ticket), it's important we get to this.

#2 @TobiasBg
6 years ago

If we decide to not show the password on the subsequent screen, we will have to add a "Type password again" field to the original screen, otherwise the user might accidentally make a typo and not really know about it.

#3 @dd32
6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [13592]) Do not display user specified password during install. Fixes #12479. See #10396 for feedback
