Hide password in auto-type error message
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
When you misconfigure an autotype sequence, KeePass will show an error message containing the password in cleartext. See screenshot with password "123" as an example.
While this might be useful for debugging in some cases, I don't think the password should be shown without a warning. Perhaps a second person sits right next to you...
I'm not sure this is a bug, but showing the Auto-Type sequence without replacing the placeholders is a good way to display the error.
cheers, Paul
Showing the final auto-type sequence is the intended behavior. Without filling placeholders, you couldn't detect certain problems.
However, I could imagine adding an option for hiding passwords in such dialogs. Therefore, I'm moving this to the open feature requests.
Thanks and best regards,
Dominik
Ticket moved from /p/keepass/bugs/2076/
For what it's worth, I think the best behaviour would be to validate the auto-type configuration prior to saving the entry. This would ensure that invalid auto-types never get to be used.
I don't really understand why it would ever be desirable to display the password in the dialog. KeePass makes every effort to mask the password on-screen in all other areas of the UI, unless the user specifically requests to see it. This behaviour should be consistent IMO.
Even if the auto-type sequence would be validated at this point (which wouldn't be trivial, e.g. because plugins can provide placeholders), this wouldn't catch all errors. For example, a field reference could retrieve a placeholder from a different entry, which may change at any time and result in an invalid auto-type sequence.
Best regards,
Dominik