Do not transfer content of fields with eval=password
When you edit an arbitrary record with a password field, the content of the password field (as stored in the database) is transfered to the user. This affects i.e. the value of backend user passwords if the backend user record is edited by admins. This might imply that the password hash is transfered over an unencrypted connection without any need.
It would be nice if the content of password fields would not be part of the delivered html.
#1 Updated by Mathias Schreiber almost 4 years ago
- Tracker changed from Feature to Task
- Target version set to Candidate for patchlevel
- TYPO3 Version set to 6.2
- FormEngine InputElement
- FormEngine RSAElement
- autocomplete = off
- set hidden field to disabled and only set enabled on change
- remove hidden field value