Opened 15 years ago
Closed 15 years ago
#12479 closed defect (bug) (fixed)
User-specified password displaying during install
Reported by: | Ribbontree | Owned by: | dd32 |
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Upgrade/Install | Keywords: | |
Focuses: | Cc: |
Description
I appreciate the improvement that users are prompted to choose their own password. However I think there has been an oversight with this change.
Historically it has been essential to display the password onscreen, because the user did not specify it.
I believe it is now dangerous to continue displaying a user's own specified password. It is obscurred with an <input type="password" /> field, so one would not expect it to be visible on a subsequent page.
Many people use their passwords for several different sites; to display this password on screen, when it was originally obscured is likely to upset people who weren't expecting this behaviour.
Tested in nightly build downloaded approximately 21 hours ago.
Change History (3)
#1
@
15 years ago
- Component changed from General to Upgrade/Install
- Milestone changed from Unassigned to 3.0
- Owner set to dd32
Agree. This was pointed out in the original ticket, we just haven't gotten around to it yet.
I'll leave this open for now even though it can be handled in #10396 (the main ticket), it's important we get to this.