[ postfixadmin-Bugs-2646447 ] show admin's password too

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Bugs item #2646447, was opened at 2009-02-27 12:03
Message generated for change (Comment added) made by christian_boltz
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2646447&group_id=191583

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
>Resolution: Rejected
Priority: 5
Private: No
Submitted By: Pavel Volkovitskiy (olfway)
Assigned to: Nobody/Anonymous (nobody)
Summary: show admin's password too

Initial Comment:
if $CONF['show_password'] == "YES" then show admin's password too

PS: there is extension for FF "Unhide Passwords" so passwords will be in "****" form until you clicked on password field

----------------------------------------------------------------------

>Comment By: Christian Boltz (christian_boltz)
Date: 2012-05-28 11:24

Message:
This is not what $CONF[show_password] was made for ;-)

From config.inc.php:
// Show Password
// Always show password after adding a mailbox or admin.
// If you want to always see what password was set set this to 'YES'.
$CONF['show_password'] = 'NO';

Your patch would include the password in the edit-admin form, visually
obscured as '*******' - but it would be available in clear text if someone
uses "view source" or (bigger risk) reads your browser cache.

In other words: It would make PostfixAdmin insecure! 
Therefore I'm rejecting this patch.

If you really want this feature (IMHO it's a mis-feature), you'll have to
apply to the patch to your installation of PostfixAdmin yourself.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2646447&group_id=191583