#46 add "show password" link for mailboxes

Status: closed-wont-fix
Owner: nobody
Priority: 5
Updated: 2013-12-01
Created: 2008-11-23
Creator: Christian Boltz
Private: No

SVN r482 introduced showing passwords in edit-mailbox.php - but in a quite broken way because it relied on a browser extension to change the stars in the password field to readable text.

r482 was therefore reverted.

We should add this feature in a way that works for everybody.

(Needless to say, this is only useful for non-encrypted passwords ;-)

Some snippets and ideas from the mailing list:

add a "show password" link (with a $CONF setting to enable it, default should be disabled) which displays the password somewhere (using flash_info or an alert() fed by an AJAX request). This would have some advantages:
- it works in every browser and does not depend on special browser extensions
- it only transfers the password on request - which reduces the risk (and number) of passwords in browser cache etc. a lot
- it would easily allow to mail a notification to the user, which might be required by some people/companies for privacy or policy reasons

> (So far, Postfixadmin is AJAX free, perhaps it should stay this way?)

I don't want to do "big" things with AJAX. But I don't see a problem in using something like
alert($password_fetched_by_AJAX_request)
The fallback could be that the "show password" link uses flash_info for this - with the disadvantage of causing a page reload (and possibly losing changes).
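One way the gated endpoint sketched above could look, added here as an example; it is not PostfixAdmin code and not part of the original ticket. The setting names $CONF['show_password'] and $CONF['show_password_notify'], the file name show-password.php, the PDO handle $pdo and the helper functions are assumptions; $CONF['encrypt'] = 'cleartext', the mailbox and domain_admins tables and $_SESSION['sessid']['username'] follow PostfixAdmin of that era as I know it, but none of them appears on this page.

```php
<?php
/*
 * show-password.php: added example, not PostfixAdmin's own code.
 * Implements the design from the ticket: a $CONF switch that defaults to off,
 * a hard check that passwords really are stored in cleartext, the password
 * transferred only on explicit request with no-store cache headers, and an
 * optional notification mail to the mailbox owner.
 *
 * Assumptions (hypothetical, not from the page): $CONF['show_password'],
 * $CONF['show_password_notify'], a PDO handle $pdo provided by db.inc.php,
 * and the helper names below. $CONF['encrypt'], the mailbox and domain_admins
 * tables and $_SESSION['sessid']['username'] follow PostfixAdmin as I know it.
 */

require_once 'config.inc.php';   // provides $CONF
require_once 'db.inc.php';       // assumed to provide $pdo (hypothetical)
session_start();

function show_password_allowed(array $conf): bool
{
    // Both conditions are mandatory: the feature has to be switched on
    // explicitly, and the stored value must be the password itself. With any
    // hashing scheme the column holds a hash and there is nothing to show.
    return !empty($conf['show_password']) && ($conf['encrypt'] ?? '') === 'cleartext';
}

function is_admin_for(PDO $pdo, string $admin, string $mailbox): bool
{
    // An admin may see a mailbox if they administer its domain or are a
    // superadmin (domain 'ALL' in domain_admins).
    $at = strrpos($mailbox, '@');
    if ($at === false) {
        return false;
    }
    $domain = substr($mailbox, $at + 1);
    $stmt = $pdo->prepare(
        "SELECT 1 FROM domain_admins WHERE username = :a AND active = 1 AND (domain = :d OR domain = 'ALL')"
    );
    $stmt->execute([':a' => $admin, ':d' => $domain]);
    return (bool) $stmt->fetchColumn();
}

function fetch_password(PDO $pdo, string $mailbox): ?string
{
    $stmt = $pdo->prepare('SELECT password FROM mailbox WHERE username = :u');
    $stmt->execute([':u' => $mailbox]);
    $pw = $stmt->fetchColumn();
    return $pw === false ? null : (string) $pw;
}

function notify_owner(string $mailbox, string $admin): void
{
    // The ticket mentions sites that must tell the user when an admin looked
    // at the password; the mailbox address itself is the recipient.
    $body = "Administrator $admin displayed the password of $mailbox on " . date('c') . ".";
    mail($mailbox, 'Your mailbox password was displayed', $body);
}

// Keep the password out of browser and proxy caches; the response is plain
// text so the page's JavaScript can hand it straight to alert().
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Pragma: no-cache');
header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');

if (!show_password_allowed($CONF)) {
    http_response_code(403);
    exit('show password is disabled, or passwords are not stored in cleartext');
}

$mailbox = (string) ($_POST['username'] ?? '');
$admin   = (string) ($_SESSION['sessid']['username'] ?? '');
if ($mailbox === '' || $admin === '' || !is_admin_for($pdo, $admin, $mailbox)) {
    http_response_code(403);
    exit('not authorised');
}

$password = fetch_password($pdo, $mailbox);
if ($password === null) {
    http_response_code(404);
    exit('no such mailbox');
}

if (!empty($CONF['show_password_notify'])) {
    notify_owner($mailbox, $admin);
}

echo $password;
```

The "show password" link on edit-mailbox.php would POST the username to this script with XMLHttpRequest and pass the response text to alert(); the flash_info fallback would call the same checks server-side and then reload the page. The cleartext check is the part that must never be skipped: with $CONF['encrypt'] set to any hashing scheme the column contains a hash, and showing it only leaks the hash for offline cracking.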

Discussion

  • Why would you open edit-mailbox if you don't want to change the name/password?
    So the user should be notified if someone opens their mailbox in edit mode.

    If you care about security you should use https to avoid password sniffing.

    Also, I'm not sure that you can copy a password from a JS alert box.

    The real issue was only the missing check whether the password is stored in clear text or not.

    Also, you can't always change the password for a user, because then you will have to change the settings on every user's PC/gadget.

  • Bjorn
    2009-05-22

    I have a requirement for this feature and I was able to implement it very simply. I have tried to keep the changes to an absolute minimum so that I can easily add it into new releases as they come out. I was very impressed at how simple it was to add this feature. I guess this shows postfixadmin has been designed very well :)

    ALTER TABLE `mailbox` ADD `clear_password` VARCHAR( 255 ) NOT NULL ;

    vi edit-mailbox.php

    FIND:
    $tName = $user_details['name'];
    ADD:
    $tClearPassword = $user_details['clear_password'];

    FIND:
    $formvars['password'] = pacrypt($fPassword);
    ADD:
    $formvars['clear_password'] = $fPassword;

    vi templates/edit-mailbox.php
    FIND:
    <tr>
    <td><?php print $PALANG['pEdit_mailbox_username']; ?></td>
    <td><?php print $fUsername; ?></td>
    <td><?php print $pEdit_mailbox_username_text; ?></td>
    </tr>
    ADD:
    <tr>
    <td>Password</td>
    <td><?php print $tClearPassword; ?></td>
    <td></td>
    </tr>

  • Thinking about this again, I'm finally closing this request as "wontfix".

    Reasons are:
    - the password would be available in the browser cache - if someone can read your cache, then he'll be able to steal the password.
    - it would only work with cleartext passwords
    - the idea of an additional clear_password column makes things even worse - if the config says to encrypt the password, then admins will kill us for having an additional clear_password column

    • status: open --> closed-wont-fix