1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed "MySQL Password" not censored when typing.

Discussion in 'Resolved Bug Reports' started by Vincent, Jan 2, 2011.

  1. Vincent

    Vincent Well-Known Member

    The title says enough, when typing in the textarea next to MySQL Password the letters should become dots, and they dont...
  2. Brogan

    Brogan XenForo Moderator Staff Member

    I believe this is by design, I'll see if I find an old post by Mike about it.

    Edit: It was to do with the SMTP password, not SQL: http://xenforo.com/community/threads/fixed-smtp-password.8824/

    As this will only ever be seen by the person installing the software, who will obviously have to know the password, I can't see it being much of in issue in my opinion.
  3. Vincent

    Vincent Well-Known Member

    I believe this is REALLY necessary, because my Chrome saves the password, so it shows up at certain places now...

    Also, he says one of the reasons is because of typo's, well, most people copy their passwords because they're not able to remember that... A safe password isn't rememberable.
    Ranger375 and krstep like this.
  4. Luke F

    Luke F Well-Known Member

    That's a really good point actually
  5. Vincent

    Vincent Well-Known Member

    Indeed :D
    Well, Mike, if you see this, it's actually you I'm asking to change your thoughts ;)
  6. Dean

    Dean Well-Known Member

    I'll take this approach.

    Generally people that admin sites need to keep their computers secure. If a browser is remembering the mysql password, it will be remembering other passwords like cpanel/whm, email, all sorts of things.
    ragtek likes this.
  7. Vincent

    Vincent Well-Known Member

    Yeah, computers need to be secure, I agree. But if hackers want to be in my computer, they will be. Nothing to do about that...

    I really don't see why it should be viewable. You can enter the password, and press "Submit". If wrong it will say "Try again". There's no need to see it.
    Darkimmortal likes this.
  8. Romchik®

    Romchik® Well-Known Member

  9. fos

    fos Active Member

    I don't generally use Chrome. Firefox asks if I want to remember passwords before saving them. A much better behavior.

    This might be a reason to avoid chrome whether this is changed in Xenforo or not.
  10. Luke F

    Luke F Well-Known Member

    The password is being input into a plain text box, so it gets remembered in Firefox, Chrome and other browsers without any prompt.
  11. Mike

    Mike XenForo Developer Staff Member

    I've turned off autocomplete for that element. I did change the SMTP password field so that it didn't show up, but the reason was mostly because it was stored and displayed back. I'm not really focusing on shoulder surfing with the installer, and MySQL connection issues are one of the most common issues, so I don't want to make a more significant support hassle. (In the vast majority of cases, the MySQL password needs to be used in conjunction with server access anyway.)
    Vincent likes this.
  12. Vincent

    Vincent Well-Known Member

    Okay, thanks :D

Share This Page