Sat Jan 21, 2017, 9:31 pm

Hi Bob,

I just changed my settings for sending CF form emails via SMTP and noticed the password field is not masked. When I type in the password not only am I seeing every character, it also stays there. If I go back to that page, the password is there in all its glory!

Needless to say, this is a huge security risk. Please add a mask to the password field in settings.

Thanks in advance,

Jose

131 161
Sat Mar 14, 2009, 7:14 pm

Hi Jose,

That would be for Max to change in a new release - but I'm not clear what the security risk is? Do you have some untrustworthy site admins?

Bob


ChronoForms technical support

If you'd like to buy me a coffee or two, thank you very much

Moderator
45904 57479
Tue May 29, 2007, 6:15 pm

Hi Bob, I don't. But there are "external forces" that could come into play. Here are two scenarios that pose a risk:

- The site gets hacked (as much as we try to avoid this by installing all patches, you and I know this can very well happen)

- An admin's computer gets hacked (some of my clients are super admins. I can't control how good they are with security)

In the end, masking password fields is standard procedure for web development. Please pass the request on to Max for the next release.

Best always :-)

j.

131 161
Sat Mar 14, 2009, 7:14 pm

Hi Baxterdown,

If you want to, then you can change the setting at line 50 of /administrator/components/com_chronoforms5/chronoforms/views/settings.php

Neither of your scenarios is actually valid - all that a password input does is protect from 'over the shoulder' risks where someone else can see you typing in a password. If you have browser access to the page then it is trivial to use the web developer tools to see what the password is.

Bob


ChronoForms technical support

If you'd like to buy me a coffee or two, thank you very much

Moderator
45904 57479
Tue May 29, 2007, 6:15 pm
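
Added example, not part of the thread and not ChronoForms code: since a masked input still carries its value in the page, one way to handle a stored SMTP password is to make the field write-only, so the saved secret is never rendered back and a blank submission leaves it unchanged. The function names, the settings keys and the `smtp_password_clear` checkbox are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not ChronoForms code.
// Write-only handling of a stored SMTP password in an admin settings form.

/** Render the password input without ever echoing the stored secret. */
function render_smtp_password_field(array $settings): string
{
    $isSet = isset($settings['smtp_password']) && $settings['smtp_password'] !== '';
    $hint  = $isSet ? 'Password saved. Leave blank to keep it.' : 'No password saved.';

    // type="password" masks typing; the empty value keeps the secret out of
    // the HTML, the DOM and any cached copy of the page.
    return '<input type="password" name="smtp_password" value=""'
         . ' autocomplete="new-password"'
         . ' placeholder="' . htmlspecialchars($hint, ENT_QUOTES, 'UTF-8') . '">';
}

/** Merge a submitted settings form into the stored settings. */
function apply_smtp_settings(array $stored, array $posted): array
{
    $new = $stored;
    foreach (['smtp_host', 'smtp_port', 'smtp_username'] as $key) {
        if (isset($posted[$key]) && is_string($posted[$key])) {
            $new[$key] = trim($posted[$key]);
        }
    }
    // A blank password field means "unchanged", never "erase".
    if (isset($posted['smtp_password']) && is_string($posted['smtp_password'])
        && $posted['smtp_password'] !== '') {
        $new['smtp_password'] = $posted['smtp_password'];
    }
    // Clearing the stored password requires an explicit opt-in.
    if (!empty($posted['smtp_password_clear'])) {
        $new['smtp_password'] = '';
    }
    return $new;
}

// Constructed sample data.
$stored = ['smtp_host' => 'mail.example.test', 'smtp_port' => '587',
           'smtp_username' => 'forms', 'smtp_password' => 'constructed-secret'];

// Check that the stored secret does not appear in the rendered markup.
$html = render_smtp_password_field($stored);
var_dump(strpos($html, 'constructed-secret') === false);

// Check that a blank password submission keeps the stored value.
$after = apply_smtp_settings($stored, ['smtp_host' => 'smtp.example.test', 'smtp_password' => '']);
var_dump($after['smtp_password'] === 'constructed-secret');
```

This only keeps the secret out of the browser; the value is still held wherever the settings are stored on the server.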