Task #80790
closed
do not expose the password hash in install tool
Added by Anja Leichsenring over 7 years ago.
Updated over 7 years ago.
Description
keep the password hidden, also the hash that's exposed after using a wrong Login.
Imho we can't do much in the Install Tool
What I meant is when editing a user in the backend, the hash is exposed in a hidden input field. FormEngine should be changed in a way to not render the value of password fields,
but only generate the hidden field when the password is changed
- Status changed from New to Under Review
- Status changed from Under Review to Rejected
We do need the output of the hash generated from the user input - that's a way to manually recover a closed install tool, by manually putting that value into LocalConfiguration.
The valid issue mentioned by Helmut should be done in a new issue that does not mix the backend password display up with the install tool password.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by