Opened 17 years ago
Closed 16 years ago
#5529 closed defect (bug) (wontfix)
Wordpress MySQL Setup should use a password field for the DB password
Reported by: | csogilvie | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.5 |
Component: | General | Keywords: | has-patch |
Focuses: | Cc: |
Description
When setting up Wordpress, the password field for MySQL is shown as a plain text field. This should probably use the password field type, so that the text is not shown to people, in the same way the login screen does.
Attachments (2)
Change History (10)
#3
@
17 years ago
Not sure I agree with the reasons for why it was won't fixed. It's also contrary to how many of the other applications that people use work, and is contrary to the experience that users expect (users expect passwords to be displayed as * whenever they are entering one).
It certainly caused me (and some of my colleagues) some concern when we were setting up Wordpress for something, and the password was displayed in plain text (and at a MUCH larger than normal font).
#5
in reply to:
↑ 4
@
17 years ago
Replying to Viper007Bond:
-1. I prefer making sure I typed it in correctly.
Same here, I like to know i typed it correctly, However, If you type it incorrectly, The installer just comes up with a improper database connectivity issue.
I guess some people prefer others not to see the password, But, The database password should be of significant length, and compexity anyway.. You'd not use a personal password for something like that (I know you do on most shared hosts...)
#6
@
17 years ago
+ 1
The installer should simply do a test connect to see if the password is correct (that is how I write all my installers with PHP/MySQL).
I think that showing the password is a bad idea.
#7
@
17 years ago
Instead of masking the password field, how about a compromise where recent browsers (see http://developer.mozilla.org/en/docs/How_to_Turn_Off_Form_Autocompletion) won't remember the value of the password field via autocomplete so as not to leave the password hanging around (as much) in the browser of the person that did the install, at least not in as accessible a format? I have attached a patch to the latest trunk that does this; it's a slight change to one line in setup-config.php.
Patch