[Typo3-dev] feature requests / password fields (be)
Kasper Skårhøj
kasper2004 at typo3.com
Fri Nov 26 11:39:06 CET 2004
I agree with Wolfgang on the bad usability of the password field - yes,
you do expect it to conceal the content.
The reason it is in plain text is that otherwise it would require two
fields, one for validation of the password - and that would impose more
work on me in the backend whereas now we just submit a value directly
into the databsae as any other field.
I have put it on the todo list.
- kasper
On Thu, 2004-11-25 at 23:56, Michael Stucki wrote:
> Hi Wolfgang,
>
> > I request to change the password fields for backend users (and
> > optionally fe users) from the input type "text" to "password".
> > (as I set my own password in front of a client in his installation
> > today and I type rather fast and therefore didn't recognize that
> > it was clear text until I had typed it completely... hmmm...
> > don't like that very much and I imagine that this occurs often)
>
> Yes I think that would be fine.
>
> > Any drawbacks? There must have been a reason to make it not of type
> > password I think...
>
> Just make sure that there will be two input fields in future (it's more
> secure in case you mis-typed your PW).
>
> > btw: another thing I do in nearly every project is to hide the output
> > of the password column in the page module view for fe-user records and
> > change the clear text password to an encrypted one...
> > why isn't that standard behavior too?
>
> Not yet. There is already an extension that does this and I'm planning to
> merge this into the core.
>
> - michael
--
- kasper
----------------
Man søger fred i rigdom, glans og ære
og tænker: Hvad kan hjertet mer begære?
men dybt derinde bor den samme længsel,
og hjertet græder i sit gyldne fængsel.
More information about the TYPO3-dev
mailing list