Passwords visible on editusers.cgi page

VERIFIED FIXED in Bugzilla 2.12

Status

Bugzilla
Bugzilla-General
P3
trivial
VERIFIED FIXED
18 years ago
5 years ago

People

(Reporter: Jon Robertson, Assigned: justdave)

Tracking

unspecified
Bugzilla 2.12
x86
Windows 2000

Details

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
When editing users via the editusers.cgi page, the user's password is visible.  
This causes some concern for our users, since they may want to use one of their 
common passwords.

It is trivial to change this field to a password field so the password isn't 
visible.  Someone with rights can still change a user's password; they just 
can't see it on the screen.  I've attached a patch to make this change.

Bugzilla passwords are still stored in the MySQL database as plain text.  
However, I suspect that very few Bugzilla users have direct access to MySQL.
(Reporter)

Comment 1

18 years ago
Created attachment 9886
Patch to change password entry to use a HTML password field
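
A regression check for the class of issue reported above, added here as an example; it is not part of the original report or of Bugzilla's code. The sample markup, the field names and the name heuristic are constructed assumptions, and the second check (a stored value echoed into the page even when the field is masked) goes beyond the on-screen visibility the report describes.

```python
from html.parser import HTMLParser

# Constructed sample markup; not Bugzilla's actual editusers.cgi output.
FORM = ('<form method="post" action="editusers.cgi">'
        '<input type="text" name="user" value="jdoe@example.com">%s</form>')
TEXT_FIELD = FORM % '<input name="password" value="constructed-secret">'
MASKED_EMPTY = FORM % '<input type="password" name="password" value="">'

HINTS = ("pass", "pwd")  # assumed naming heuristic for secret-bearing fields


class PasswordFieldAudit(HTMLParser):
    """Collect findings for password-like <input> fields that expose a secret."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "")
        if not any(h in name.lower() for h in HINTS):
            return
        ftype = a.get("type", "text").lower()  # a missing type defaults to text
        if ftype != "password":
            self.findings.append((name, "rendered as type=%s, shown in clear" % ftype))
        if a.get("value"):
            # Masking hides the value on screen; it is still in the page source.
            self.findings.append((name, "stored value echoed into the page"))


def audit(html):
    """Return a list of (field name, finding) tuples for one rendered page."""
    parser = PasswordFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for label, page in (("text field", TEXT_FIELD), ("masked, empty", MASKED_EMPTY)):
        print(label, audit(page) or "no findings")
```

Run against rendered admin pages in a test suite, this flags a password field that falls back to a text input or that ships the stored value to the browser.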

Comment 2

18 years ago
Seems like a reasonable, very low-risk patch to make Bugzilla respect privacy. 
Adding 'patch' keyword for easier querying.
Keywords: patch
Blocks: 43613

Taking this one...
Assignee: tara → dave

This has been checked in.
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

In search of accurate queries....  (sorry for the spam)
Target Milestone: --- → Bugzilla 2.12

Updated

17 years ago
Whiteboard: verified on b.m.o

Comment 6

17 years ago
This has been working for a long time. Marking verified.
Status: RESOLVED → VERIFIED
Whiteboard: verified on b.m.o

Moving closed bugs to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa