[TYPO3-dev] Install Tool: Change of DB password field to"password" input needless?

Thomas "Thasmo" Deinhamer thasmo at gmail.com
Fri May 14 15:56:00 CEST 2010


Good point!

Thomas

Am 14.05.2010 15:45, schrieb JoH asenau:
>> How often do you find yourself creating a new project site, setting up
>> Typo3 and showing the process to someone that shouldn't see the DB
>> password? I'd say changing the password field to type password creates
>> a lot more hassle than good - it's not good usability and the cases
>> where you find yourself in a problematic environment (i.e. someone
>> looking over your shoulder) are so very, very few that they don't
>> outweigh the benefit of being able to see the password.
>
> The problematic environment will be "activated" as soon as you are working
> with a browser that is set to suggest values for input fields. The
> interesting thing here is, that the other person doesn't even need the
> install tool of the particular website you have been using, since anybody
> will be able to see the password while working with his own install tool,
> due to the same fieldname being used in any install tool instance. This is
> why it's just not enough to have someone turn around, since he will be able
> to get the password after you left his office.
>
> So a cleartext field for a password IMHO is a no go.
>
> Just my 2 cents
>
> Joey
>




More information about the TYPO3-dev mailing list