As designed Installation db password field

Affected version
2.0.0 Beta 8

Lukas W.

Formerly katsulynx
When doing a fresh installation, the db password field is a text field instead of a password field. While I understand, that it might help to be able to see the password, I generally believe, that - as this is one of the most important passwords of your XF installation - safety should go first. Not labeling it as password field seems to prevent my antivirus password protection functionality from activating.

Chris D

XenForo developer
Staff member
This isn't really something we're looking to change at this point, though we did notice a key difference between XF1 and XF2 in that in XF1 the password field was marked as autocomplete="off" so it would at least prevent the password being saved from and recalled for that field for future usage.

There's definitely arguments for changing it, but also arguments against. Ultimately it's a field which is displayed for a mere matter of minutes and it's the kind of thing you're unlikely to be doing with people looking over your shoulder. It's then stored in plain text in your config file where it's just as exposed to some of the similar risks. It's likely not a big deal.