Password Mask

baxterdown , January 11 at 17:11

Hi Bob,

I just changed my settings for sending CF form emails via SMTP and noticed the password field is not masked. When I type in the password not only am I seeing every character, it also stays there. If I go back to that page, the password is there in all it's glory!

Needless to say, this is a huge security risk. Please add a mask to the password field in settings.

Thanks in advance,



Hi Jose,

That would be for Max to change in a new release - but I'm not clear what the security risk is? Do you have some untrustworthy site admins?



Hi Bob, I don't. But there are "external forces" that could come into play. Here are two scenarios that pose a risk:

- The site gets hacked (as much as we try to avoid this by installing all patches, you and I know this can very well happen)
- An admin's computer gets hacked (some of my clients are super admins. I can't control how good they are with security)

In the end, masking password fields is standard procedure for web development. Please pass the request onto Max for the next release.

Best always :-)



Hi Baxterdown,

If you want to, then you can change the setting at line 50 of /administrator/components/com_chronoforms5/chronoforms/views/settings.php

Neither of your scenarios are actually valid - all that a password input does is protect from 'over the shoulder' risks where someone else can see you typing in a password. If you have browser access to the page then it is trivial to use the web developer tools to see what the password is.


Powered by ChronoForums -

ChronoForms Book

The ChronoForms Book, written for ChronoForms v3 contains 350 pages of invaluable ChronoForms How-tos hints and tips.

Note: many of the ideas can be used in ChronoForms v4 but the admin interface is very different and code examples may need to be modified.


Members Login Inc. (Ohio, USA) is an authorized retailer for
goods and services provided by