Password in cleartext

uli · 2008-06-15 09:49:22

A while ago I remarked there’s one password field to be filled in in cleartext in the process of installation. As far as I remember it’s the db pass.
[OT: There’s much activity with the new language files! Is 4.0.7 close ahead?]

ruud · 2008-06-15 14:53:07

The db password is stored only in config.php. It can’t be stored encrypted.

OT: no, not that close :)

uli · 2008-06-15 14:57:44

No, it’s not about storing, one input field is type=“text” instead of “password”

jm · 2008-06-15 15:29:40

The TXP user password uses the type=text value too.

ruud · 2008-06-15 16:31:40

The DB password is shown again in plain text in the bit of text that you have to copy/paste into the config.php file.
The TXP user password… hmmm.

Mary · 2008-06-17 14:04:32

It’s always been that way (as opposed to the user login form which has always been “hidden” as far as I can recall).

My guess is it was partly laziness: no “confirm” password field is then required, and that it was assumed if you were installing Txp you were in a “safe” location to begin with (no over-shoulder-lookers).

If it’s done away with, we should also have some jQuery goodness to instantly let you know if “password” and “password_confirm” match before you submit.

Last edited by Mary (2008-06-17 14:05:19)

Textpattern CMS

Textpattern CMS support forum

#1 2008-06-15 09:49:22

Password in cleartext

#2 2008-06-15 14:53:07

Re: Password in cleartext

#3 2008-06-15 14:57:44

Re: Password in cleartext

#4 2008-06-15 15:29:40

Re: Password in cleartext

#5 2008-06-15 16:31:40

Re: Password in cleartext

#6 2008-06-17 14:04:32

Re: Password in cleartext

Board footer