As designed Installation db password field

Lukas W.

Lukas W.

Well-known member
Affected version
2.0.0 Beta 8
When doing a fresh installation, the db password field is a text field instead of a password field. While I understand, that it might help to be able to see the password, I generally believe, that - as this is one of the most important passwords of your XF installation - safety should go first. Not labeling it as password field seems to prevent my antivirus password protection functionality from activating.
 
This isn't really something we're looking to change at this point, though we did notice a key difference between XF1 and XF2 in that in XF1 the password field was marked as autocomplete="off" so it would at least prevent the password being saved from and recalled for that field for future usage.

There's definitely arguments for changing it, but also arguments against. Ultimately it's a field which is displayed for a mere matter of minutes and it's the kind of thing you're unlikely to be doing with people looking over your shoulder. It's then stored in plain text in your config file where it's just as exposed to some of the similar risks. It's likely not a big deal.
 

Similar threads

actionmedia
  • Question Question
XF 2.2 How to change mysql db password for xenforo?
Replies
2
Views
1K
actionmedia
actionmedia
Steffen
Fixed Register form: Use autocomplete="new-password" instead of autocomplete="off" for password field
Replies
2
Views
2K
XF Bug Bot
XF Bug Bot
Monocerotis
  • Question Question
XF 2.0 DB Password
Replies
1
Views
587
Chris D
Chris D
SonnyCooL
  • Question Question
XF 1.5 where is DB password save ?
Replies
3
Views
2K
SonnyCooL
SonnyCooL
M
  • Question Question
XF 1.4 How to change db password?
Replies
2
Views
2K
MohammadMorad
M
Back
Top Bottom