From: Jamie C. <jca...@we...> - 2004-10-18 05:17:37
On Mon, 2004-10-18 at 12:42, ra...@si... wrote:
> On Sun, 18 Oct 2004, Jamie Cameron wrote:
>
> > On Mon, 2004-10-18 at 01:03, Emmanuel Saracco wrote:
> > > hi jamie,
> > >
> > > could it be possible to have a simple password field for modules
> > > configuration section (other than 12, which is sometimes confusing for
> > > the user).
> > >
> > > "simple", that means: only a <input type="password" name="var"
> > > value="">, and nothing else (no radios for example :-) ).
> > >
> > > does this type already exist (I did not see it)?
> >
> > I can't see any harm in a new config type 16 being added which just
> > displays a password field, with no 'don't change' option. However, I
> > would recommend the use of type 12 in general for password fields, as it
> > is a little more secure as the current password is not included in the
> > HTML.
> >
> > - Jamie
> >
>
> I know that this is mostly just my opinion, but would think that a prime
> reason would be how would the module know that the password has been
> changed legitimately, and not ignored and inadvertently left blank. And a
> significant second would be that if it was passed as part of the
> configuration, then it isn't very secure as it would be part of the form,
> and then easily seen (just display the source).
>
> As much as it seems like there is value, I personally think that it
> would be a better solution to identify what is confusing, and make it no
> longer confusing. BTW, I am trying to understand why, as a configuration
> option, the current mechanism isn't suitable, as the configuration isn't
> intended to be called on each invocation of the module?

You'll have to ask the module author who requested this feature about
this one :-) However, none of the core Webmin modules will use this new
type, for the reasons you mentioned.

> However, if there is a new type, I would also like to request that this
> be identified as an insecure type, and allow the core to disallow any
> insecure types, or turn them into a (more) secure type (i.e. change a 16
> into a 12).

I will add support for a hidden option in /etc/webmin/config called
config_16_insecure, which if set to 1 will convert all type 16 inputs
into type 12.

 - Jamie
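
The difference between the two field types discussed in this thread, as an added example that is not part of the original message and is not Webmin's own (Perl) code: a Python model of rendering and saving a type 12 versus a type 16 password field, including the config_16_insecure conversion. The function names, the `_nochange` form field and the sample password are assumptions made for illustration.

```python
import html

def effective_type(ctype, settings):
    # Hidden option from the thread: when set to 1, type 16 is treated as type 12.
    # Assumption: settings holds the key=value pairs of the config file as strings.
    if ctype == 16 and settings.get("config_16_insecure") == "1":
        return 12
    return ctype

def render_field(name, ctype, current, settings):
    """Return the HTML for one password config field (hypothetical renderer)."""
    ctype = effective_type(ctype, settings)
    n = html.escape(name, quote=True)
    if ctype == 16:
        # Simple field: the stored password is echoed into the page source.
        return '<input type="password" name="%s" value="%s">' % (
            n, html.escape(current, quote=True))
    if ctype == 12:
        # "Don't change" radio plus an empty field: the stored password
        # is never sent to the browser.
        return ('<input type="radio" name="%s_nochange" value="1" checked> Don\'t change '
                '<input type="radio" name="%s_nochange" value="0"> Set to '
                '<input type="password" name="%s" value="">' % (n, n, n))
    raise ValueError("not a password config type: %r" % ctype)

def save_field(name, ctype, form, current, settings):
    """Return the password to store after the form is submitted."""
    ctype = effective_type(ctype, settings)
    if ctype == 12 and form.get(name + "_nochange", "1") == "1":
        return current  # explicit "don't change": keep the old value
    # Type 16 has no such signal, so an empty submission overwrites the
    # stored password with a blank one.
    return form.get(name, "")

if __name__ == "__main__":
    stored = "s3cret-constructed"  # constructed sample value
    for settings in ({}, {"config_16_insecure": "1"}):
        page = render_field("var", 16, stored, settings)
        print(settings, "password in HTML source:", stored in page)
```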