FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » Global Admin DB Password field shouldn't be plain text
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Global Admin DB Password field shouldn't be plain text [message #14055] Tue, 04 November 2003 20:16 Go to next message
Anonymous   United States
This is driving me up a wall. I hate seeing my password in plain text there. I don't think *any* passwords should just sit there in plain text in your browser.

Any chance this will change in the near future? Even if not, is there a patch or a bit of code I can throw in to change that field? Idealy, I'd like to see it encrypted all over, but failing that, I'll feel a bit more comfortable if we can just change the field type to password.

I found were "print_string_field" is used. Is it as simple as changing that to "print_password_field" or somesuch?


Re: Global Admin DB Password field shouldn't be plain text [message #14056 is a reply to message #14055] Tue, 04 November 2003 21:13 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
PHP does not include any native 2 way encryption algorithms so encryption is out of the question. Changing the field to plain text would only create an-annoyance since you won't be able to see the value and thus possible typos in the password.

FUDforum Core Developer
Re: Global Admin DB Password field shouldn't be plain text [message #14107 is a reply to message #14056] Wed, 05 November 2003 19:36 Go to previous messageGo to next message
Anonymous   United States
But that's the point. I don't *want* to see the value. I don't want someone standing over my shoulder when I click the admin link and see my password. I guess it'd be one thing if it was buried somewhere, but it's the default page that pops up as soon as I enter the admin control panel. Sure, there could be a typo, but lots of us are *used* to hidden passwords and make it a point to *not* typo when we put them in.

If you can't include encryption, that's fine. I doubt anyone's gonna be digging around enough to find it in the files, but it makes me uncomfortable seeing my password sitting there in plain text. It's far more of an annoyance for that reason then for the possibility of a typo.

I'm not even asking that you change it globally to future releases, I just want to know how to change it on *mine*.

Thanks.

Re: Global Admin DB Password field shouldn't be plain text [message #14109 is a reply to message #14107] Wed, 05 November 2003 19:48 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Simply make a copy of the current function which displayed text fields. And make it output password field type rather then text. Then modify the code responsible for display of MySQL password option to use the new function.

FUDforum Core Developer
Re: Global Admin DB Password field shouldn't be plain text [message #14117 is a reply to message #14109] Wed, 05 November 2003 21:23 Go to previous messageGo to next message
Anonymous   United States
Ok, sounds good. Thanks.

Re: Global Admin DB Password field shouldn't be plain text [message #14120 is a reply to message #14117] Wed, 05 November 2003 21:47 Go to previous messageGo to next message
Hkkathome is currently offline  Hkkathome   Sweden
Messages: 42
Registered: June 2002
Location: [Sweden][Stockholm]
Karma: 0
Member
An other way to solve this "problem" could be just moving the password field from the General Settings Manager. Make a popup window for it or something like that. It isn't often one want to see or change it anyway.

Hkkathome(TM) as always...
Re: Global Admin DB Password field shouldn't be plain text [message #14151 is a reply to message #14055] Thu, 06 November 2003 15:12 Go to previous messageGo to next message
NinjaCow is currently offline  NinjaCow   United States
Messages: 2
Registered: November 2003
Karma: 0
Junior Member
Thanks. I actually found a pretty simple way to do what I wanted to do. I posted it in the Hacks section if anyone else needs it.

Re: Global Admin DB Password field shouldn't be plain text [message #14161 is a reply to message #14151] Thu, 06 November 2003 16:40 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
After some consideration, I've decided to make the MySQL password a hidden field. My implementation was commited to the CVS just now.

FUDforum Core Developer
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: default theme css split
Next Topic: Fudforum support for translations
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Dec 04 19:15:07 GMT 2024

Total time taken to generate the page: 0.03034 seconds