As designed Installation db password field

Lukas W.

Lukas W.

Well-known member
Affected version
2.0.0 Beta 8
When doing a fresh installation, the db password field is a text field instead of a password field. While I understand, that it might help to be able to see the password, I generally believe, that - as this is one of the most important passwords of your XF installation - safety should go first. Not labeling it as password field seems to prevent my antivirus password protection functionality from activating.
 
This isn't really something we're looking to change at this point, though we did notice a key difference between XF1 and XF2 in that in XF1 the password field was marked as autocomplete="off" so it would at least prevent the password being saved from and recalled for that field for future usage.

There's definitely arguments for changing it, but also arguments against. Ultimately it's a field which is displayed for a mere matter of minutes and it's the kind of thing you're unlikely to be doing with people looking over your shoulder. It's then stored in plain text in your config file where it's just as exposed to some of the similar risks. It's likely not a big deal.
 

Similar threads

yor14
  • Solved
XF 2.2 DB Errors on Fresh Install
Replies
15
Views
629
yor14
yor14
K
Not a bug TFA: Backup codes seem to be a security risk
Replies
3
Views
824
digitalpoint
digitalpoint
S
  • Solved
XF 2.2 Best way to create a test/staging instance?
Replies
2
Views
719
smallwheels
S
frm
Two staging instances: Password protection?
Replies
1
Views
511
Paul B
Paul B
Vercingetorix
Activity Summary emails are the digital equivalent of junk mail.
Replies
3
Views
1K
Vercingetorix
Vercingetorix
Top Bottom