Don't show password in cleartext
Bug #1191453 reported by
Kristina Hoeppner
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Kristina Hoeppner | ||
1.5 |
Fix Released
|
High
|
Kristina Hoeppner | ||
1.6 |
Fix Released
|
High
|
Kristina Hoeppner | ||
1.7 |
Fix Released
|
High
|
Kristina Hoeppner |
Bug Description
When you are on admin/edit.php or admin/add.php, the password you enter for a user is displayed in cleartext. This is not good esp. when you have form filling turned on in your browser as it remembers the passwords that you typed in.
The easiest solution is to make this field type "password" so that it is treated like a password field.
More complicated would be to allow the admin to toggle between viewing the password or not (like in Moodle) or to implement a password confirmation (like on the account settings page).
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
milestone: | 1.8rc1 → 1.8.0 |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I chose the easy solution for the time being: /reviews. mahara. org/#/c/ 2278/
https:/