Closed
Bug 42037
Opened 24 years ago
Closed 24 years ago
Passwords visible on editusers.cgi page
Categories
(Bugzilla :: Bugzilla-General, defect, P3)
Tracking
()
VERIFIED
FIXED
Bugzilla 2.12
People
(Reporter: JRobertson, Assigned: justdave)
References
Details
Attachments
(1 file)
547 bytes,
patch
|
Details | Diff | Splinter Review |
When editing users via the editusers.cgi page, the user's password is visible. This causes some concern for our users, since they may want to use one of their common passwords. It is trivial to change this field to a password field so the password isn't visible. Someone with rights can still change a users password, they just can't see it on the screen. I've attached a patch to make this change. Bugzilla passwords are still stored in the mysql database as plain text. However, I suspect that very few bugzilla users have direct access to mysql.
Reporter | ||
Comment 1•24 years ago
|
||
Comment 2•24 years ago
|
||
Seems like a reasonable very low risk patch to make bugzilla respect privacy. Adding 'patch' keyword for easier querying.
Keywords: patch
Assignee | ||
Comment 4•24 years ago
|
||
This has been checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 5•24 years ago
|
||
In search of accurate queries.... (sorry for the spam)
Target Milestone: --- → Bugzilla 2.12
Updated•24 years ago
|
Whiteboard: verified on b.m.o
Comment 6•24 years ago
|
||
this has been working for a long time. marking verified
Status: RESOLVED → VERIFIED
Whiteboard: verified on b.m.o
Assignee | ||
Comment 7•23 years ago
|
||
Moving closed bugs to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•