Don't show password in cleartext

Bug #1191453 reported by Kristina Hoeppner
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | High | Kristina Hoeppner |
1.5 | Fix Released | High | Kristina Hoeppner |
1.6 | Fix Released | High | Kristina Hoeppner |
1.7 | Fix Released | High | Kristina Hoeppner |

Bug Description

When you are on admin/edit.php or admin/add.php, the password you enter for a user is displayed in cleartext. This is not good, especially when you have form filling turned on in your browser, as it remembers the passwords that you typed in.

The easiest solution is to make this field type "password" so that it is treated like a password field.

More complicated would be to allow the admin to toggle between viewing the password or not (like in Moodle) or to implement a password confirmation (like on the account settings page).
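
An added example (not Mahara's code and not part of the bug report): a Python check over rendered form HTML that flags inputs whose name or id suggests a password but whose type is not "password", which is the condition this report describes. The sample markup and the name heuristic are constructed assumptions.

```python
from html.parser import HTMLParser

# Assumption: naming heuristic for credential fields, not a list taken from Mahara.
CREDENTIAL_HINTS = ("password", "passwd", "pwd", "passphrase")


class CleartextPasswordAudit(HTMLParser):
    """Collect <input> elements that look like password fields but are not masked."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, field name, effective type)

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        label = (a.get("name", "") + " " + a.get("id", "")).lower()
        if not any(hint in label for hint in CREDENTIAL_HINTS):
            return
        # An <input> without a type attribute is rendered as type="text".
        input_type = a.get("type", "text").lower()
        if input_type != "password":
            line, _ = self.getpos()
            self.findings.append((line, a.get("name") or a.get("id"), input_type))


def audit(html):
    """Return the unmasked password-like inputs found in an HTML string."""
    parser = CleartextPasswordAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup: the form before and after the field type change.
BEFORE = """<form method="post" action="admin/add.php">
<input type="text" name="username" id="newuser_username">
<input type="text" name="password" id="newuser_password">
</form>"""
AFTER = BEFORE.replace('type="text" name="password"', 'type="password" name="password"')

if __name__ == "__main__":
    for line, name, input_type in audit(BEFORE):
        print(f"line {line}: field '{name}' is rendered as type={input_type!r}")
    print("findings after fix:", audit(AFTER))
```
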

Kristina Hoeppner (kris-hoeppner) wrote :

I chose the easy solution for the time being:
https://reviews.mahara.org/#/c/2278/

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/2278
Committed: http://gitorious.org/mahara/mahara/commit/9c2c72b6ff3c8db1c2c7cffdfd4dbe316a79d1cb
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 9c2c72b6ff3c8db1c2c7cffdfd4dbe316a79d1cb
Author: Kristina D.C. Hoeppner <email address hidden>
Date: Sun Jun 16 14:48:50 2013 +1200

Bug #1191453: Make password field of type password

The password should not be displayed in
plaintext. I changed the type of the input
field to "password" to account for that.

Change-Id: I5d64470291e1c81b31bc0aaeb8cd65d809412ae7
Signed-off-by: Kristina D.C. Hoeppner <email address hidden>

Changed in mahara:
status: In Progress → Fix Committed
Kristina Hoeppner (kris-hoeppner) wrote :
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/2303
Committed: http://gitorious.org/mahara/mahara/commit/8a900b8ec73941944705efb59a38dc7ebd8b4578
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.7_STABLE

commit 8a900b8ec73941944705efb59a38dc7ebd8b4578
Author: Kristina D.C. Hoeppner <email address hidden>
Date: Sun Jun 16 14:48:50 2013 +1200

Bug #1191453: Make password field of type password

The password should not be displayed in
plaintext. I changed the type of the input
field to "password" to account for that.

Change-Id: I5d64470291e1c81b31bc0aaeb8cd65d809412ae7
Signed-off-by: Kristina D.C. Hoeppner <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/2302
Committed: http://gitorious.org/mahara/mahara/commit/8cedc98e98838014da0e352e77a0e895facf4854
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.6_STABLE

commit 8cedc98e98838014da0e352e77a0e895facf4854
Author: Kristina D.C. Hoeppner <email address hidden>
Date: Sun Jun 16 14:48:50 2013 +1200

Bug #1191453: Make password field of type password

The password should not be displayed in
plaintext. I changed the type of the input
field to "password" to account for that.

Change-Id: I5d64470291e1c81b31bc0aaeb8cd65d809412ae7
Signed-off-by: Kristina D.C. Hoeppner <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/2304
Committed: http://gitorious.org/mahara/mahara/commit/f4523ac158b968ff65325b970ca3670d8c226963
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.5_STABLE

commit f4523ac158b968ff65325b970ca3670d8c226963
Author: Kristina D.C. Hoeppner <email address hidden>
Date: Sun Jun 16 14:48:50 2013 +1200

Bug #1191453: Make password field of type password

The password should not be displayed in
plaintext. I changed the type of the input
field to "password" to account for that.

Change-Id: I5d64470291e1c81b31bc0aaeb8cd65d809412ae7
Signed-off-by: Kristina D.C. Hoeppner <email address hidden>

Aaron Wells (u-aaronw)
Changed in mahara:
milestone: 1.8rc1 → 1.8.0
Aaron Wells (u-aaronw)
Changed in mahara:
status: Fix Committed → Fix Released