Menu
▾
▴
Re: [webmin-devel] [feature request] new password type for modules' configuration
|
From: <ra...@si...> - 2004-10-18 02:44:28
|
On Sun, 18 Oct 2004, Jamie Cameron wrote: > On Mon, 2004-10-18 at 01:03, Emmanuel Saracco wrote: > > hi jamie, > > > > could it be possible to have a simple password field for modules > > configuration section (other than 12, which is sometime confusing for > > the user). > > > > "simple", that means: only a <input type="password" name="var" > > value="">, and nothing else (no radios for exemple :-) ). > > > > is this type already exist (I did not see it)? > > I can't see any harm in a new config type 16 being added which just > displays a password field, with no 'dont change' option. However, I > would recommend the use of type 12 in general for password fields, as it > is a little more secure as the current password is not included in the > HTML.. > > - Jamie > I know that this is mostly just my opinion, but would think that a prime reason would be how would the module know that the password has been changed legitimately, and not ignored and inadvertantly left blank. And a significant second would be that if it was passed as part of the configuration, then it isn't very secure as it would be part of the form, and then easily seen (just display the source). As much as it seems like there is value, I personally think that it would be a better solution to identify what is confusing, and make it no longer confusing. BTW, I am trying to understand why, as a configuration option, the current mechanism isn't suitable, as the configuration isn't intended to be called on each invocation of the module? However, if there is a new type, I would also like to request that this be identified as an insecure type, and allow the core to disallow any insecure types, or turn them into a (more) secure type (i.e. change a 16 into a 12). ---- Randy |
