[TYPO3-dev] Install Tool: Change of DB password field to"password" input needless?

JoH asenau info at cybercraft.de
Fri May 14 15:45:38 CEST 2010


> How often do you find yourself creating a new project site, setting up
> Typo3 and showing the process to someone that shouldn't see the DB
> password? I'd say changing the password field to type password creates
> a lot more hassle than good - it's not good usability and the cases
> where you find yourself in a problematic environment (i.e. someone
> looking over your shoulder) are so very, very few that they don't
> outweigh the benefit of being able to see the password.

The problematic environment will be "activated" as soon as you are working
with a browser that is set to suggest values for input fields. The
interesting thing here is, that the other person doesn't even need the
install tool of the particular website you have been using, since anybody
will be able to see the password while working with his own install tool,
due to the same fieldname being used in any install tool instance. This is
why it's just not enough to have someone turn around, since he will be able
to get the password after you left his office.

So a cleartext field for a password IMHO is a no go.

Just my 2 cents

Joey

-- 
Wenn man keine Ahnung hat: Einfach mal Fresse halten!
(If you have no clues: simply shut your gob sometimes!)
Dieter Nuhr, German comedian
Xing: http://contact.cybercraft.de
Twitter: http://twitter.com/bunnyfield
TYPO3 cookbook (2nd edition): http://www.typo3experts.com






More information about the TYPO3-dev mailing list