Closed Bug 42037 Opened 24 years ago Closed 24 years ago

Passwords visible on editusers.cgi page

Categories

(Bugzilla :: Bugzilla-General, defect, P3)

Product:
Bugzilla
Component:
Bugzilla-General
Platform:
x86
Windows 2000
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
Bugzilla 2.12

People

(Reporter: JRobertson, Assigned: justdave)

References

Details

Attachments

(1 file)

Patch to change password entry to use a HTML password field
547 bytes, patch
Details | Diff | Splinter Review 
When editing users via the editusers.cgi page, the user's password is visible.  
This causes some concern for our users, since they may want to use one of their 
common passwords.

It is trivial to change this field to a password field so the password isn't 
visible.  Someone with rights can still change a users password, they just 
can't see it on the screen.  I've attached a patch to make this change.

Bugzilla passwords are still stored in the mysql database as plain text.  
However, I suspect that very few bugzilla users have direct access to mysql.
Seems like a reasonable very low risk patch to make bugzilla respect privacy. 
Adding 'patch' keyword for easier querying.
Keywords: patch
Blocks: 43613
Taking this one...
Assignee: tara → dave
This has been checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
In search of accurate queries....  (sorry for the spam)
Target Milestone: --- → Bugzilla 2.12
Whiteboard: verified on b.m.o
this has been working for a long time. marking verified
Status: RESOLVED → VERIFIED
Whiteboard: verified on b.m.o
Moving closed bugs to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: