[TYPO3-dev] User setup module, hide "New password" field
Martin Kutschker
masi-no at spam-typo3.org
Mon Apr 27 15:24:34 CEST 2009
Steffen Kamper schrieb:
> Martin Kutschker schrieb:
>> Yes, but TYPO3 fills up the field with * after you leave the field.
>> That's unusual, but hides the number of characters you've typed in.
>>
>
> this trick is done in TCEform (and i like it very much as it shows you
> which password you enter until you leave focus of the field)
> But it's not done in user setup - maybe we should adapt this trick here.
Not necessary as in the user module you have to enter the password
twice. In TCEform Kasper was only too lazy to create a doubled field to
protect the password entry.
As showing the password is a security risk it shouldn't be done. OTOH,
the user setup should require the old password as well, so that nobody
can change it while you're away fetching a coffee.
Masi
PS: That the installer shows the password in plain text when you create
a new admin user annoys me since I've seen it for the first time years
ago ;)
More information about the TYPO3-dev
mailing list