[wp-trac] [WordPress Trac] #35707: On installation page, autocompleted password should not be visible.
WordPress Trac
noreply at wordpress.org
Wed Feb 3 22:03:18 UTC 2016
#35707: On installation page, autocompleted password should not be visible.
-----------------------------+-----------------------------
Reporter: smerriman | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: trunk
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
We have a development server where new installations of WordPress are
regularly created on the same domain.
On the WP installation page, if you enter a username used elsewhere on the
domain, the password field will be autocompleted if you have set the
browser to remember it.
The fact the autocomplete occurs is not a problem - however, the password
appears in plain text. If anybody else is watching the screen, seeing a
brand new random password for a brand new installation is OK (and you can
click hide and change it if necessary) - but seeing a saved password from
elsewhere is not.
Autocompleted passwords should never appear in plain text. Removing
autocomplete is one option, though some people may find it useful - but I
think the ideal solution is that any changes to the password field should
hide it automatically.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35707>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list