[Typo3-dev] feature requests / password fields (be)

[Kasper Skårhøj]

I agree with Wolfgang on the bad usability of the password field - yes,
you do expect it to conceal the content.

The reason it is in plain text is that otherwise it would require two
fields, one for validation of the password - and that would impose more
work on me in the backend whereas now we just submit a value directly
into the databsae as any other field.

I have put it on the todo list.

- kasper


On Thu, 2004-11-25 at 23:56, Michael Stucki wrote:
> Hi Wolfgang,
> 
> >  I request to change the password fields for backend users (and
> >  optionally fe users) from the input type "text" to "password".
> >  (as I set my own password in front of a client in his installation
> >  today and I type rather fast and therefore didn't recognize that
> >  it was clear text until I had typed it completely... hmmm...
> >  don't like that very much and I imagine that this occurs often)
> 
> Yes I think that would be fine.
> 
> >  Any drawbacks? There must have been a reason to make it not of type
> >  password I think...
> 
> Just make sure that there will be two input fields in future (it's more
> secure in case you mis-typed your PW).
> 
> >  btw: another thing I do in nearly every project is to hide the output
> >  of the password column in the page module view for fe-user records and
> >  change the clear text password to an encrypted one...
> >  why isn't that standard behavior too?
> 
> Not yet. There is already an extension that does this and I'm planning to
> merge this into the core.
> 
> - michael
-- 
- kasper

----------------
Man søger fred i rigdom, glans og ære
og tænker: Hvad kan hjertet mer begære?
men dybt derinde bor den samme længsel,
og hjertet græder i sit gyldne fængsel.