[wp-trac] [WordPress Trac] #12479: User-specified password displaying during install
WordPress Trac
wp-trac at lists.automattic.com
Tue Mar 2 18:15:17 UTC 2010
#12479: User-specified password displaying during install
--------------------------+-------------------------------------------------
Reporter: Ribbontree | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version: 3.0
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
I appreciate the improvement that users are prompted to choose their own
password. However I think there has been an oversight with this change.
Historically it has been essential to display the password onscreen,
because the user did not specify it.
I believe it is now dangerous to continue displaying a user's own
specified password. It is obscurred with an <input type="password" />
field, so one would not expect it to be visible on a subsequent page.
Many people use their passwords for several different sites; to display
this password on screen, when it was originally obscured is likely to
upset people who weren't expecting this behaviour.
Tested in nightly build downloaded approximately 21 hours ago.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12479>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list