Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#147 Param mail.server.password is exhibited as plain text

closed-fixed
nobody
None
5
2011-09-15
2011-09-13
wiliancb
No

When editing the option mail.server.password, the label shows the password in plain text. It should be better use asterisks in visualization and editing the password.

Discussion

  • wiliancb
    wiliancb
    2011-09-13

     
    Attachments
  • J. Ulbts
    J. Ulbts
    2011-09-15

    I just looked into it. The problem is that code to edit fields is generic, meaning there is no option to to change anything. The text to display as well as the value to change is set by ConfigFormPage.java (package: info.jtrac.wicket). This fills the values for ConfigFormPage.html (also package: info.jtrac.wicket).
    As I don't know wicket, I can't tell if there is some 'if..else' that can be used inside the HTML code. With that I could add change the input field to <tt>type="password"</tt> when the key contains the substring "password" or as in this case the concrete key "mail.server.password".

     
  • J. Ulbts
    J. Ulbts
    2011-09-15

    Ok, I almost thought the code below would fix it but wicket complains and throws the error at the end of this message...
    -----------
    /*
    * We have to check if the 'param' field refers to a normal
    * text that can to be edited or a password field.
    * If it's password field we have to use the PasswordTextField,
    * otherwise the text would be visible.
    */
    if (this.param.toLowerCase().indexOf("password") != -1) {
    // It seems to be a password field
    add(new PasswordTextField("value"));
    } else {
    // It's a normal text field
    add(new TextField("value"));
    }
    ---------

    Error thrown when run with the code above:
    org.apache.wicket.markup.MarkupException: Component value must be applied to a t
    ag with 'type' attribute matching 'password', not 'null'.

    So simply replacing TextField with PasswordTextField doesn't work. As I'm off on vacation in a few hours I can't look into it in more detail. Maybe someone else could take a look.

     
  • J. Ulbts
    J. Ulbts
    2011-09-15

    Ok, fixed it but in the list with all the settings the password will be still visible!
    Added two new files (ConfigPasswordFormPage.java and ConfigPasswordFormPage.html) and modded one (ConfigListPage.java).
    I just checked in the modifications.

     
  • J. Ulbts
    J. Ulbts
    2011-09-15

    • status: open --> open-fixed
     
  • J. Ulbts
    J. Ulbts
    2011-09-15

    • status: open-fixed --> closed-fixed
     
  • J. Ulbts
    J. Ulbts
    2011-09-15

    Fixed showing the current password in the editing dialog. Still the value is shown in the list of all configuration parameters. If someone doesn't like that feel free to open another ticket.