Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Password fields should be type="password" #49

Closed
mven opened this issue Jul 10, 2015 · 8 comments

Comments

Projects
None yet
8 participants
@mven
Copy link

commented Jul 10, 2015

It's currently:

<input type="text" id="S_Server1_Password" value="" class="editsmall">

It should be:

<input type="password" id="S_Server1_Password" value="" class="editsmall">
@hugbug

This comment has been minimized.

Copy link
Member

commented Jul 10, 2015

In my opinion it's better to have password fields plain because that makes it easier to control the settings.
On the other side I understand your concerns.

Suggestion: show passwords masked by default but provide a way to show them as plain text. Two alternatives:

  1. button "Show" near each password field;
  2. option "Show passwords" in menu "View" on settings. That menu currently have only one option "Compact mode".

I'm adding label "help wanted" to this issue. Contributions are welcome.

@marcelbrueckner

This comment has been minimized.

Copy link

commented Dec 4, 2015

+1 for type="password"

@IvanJosipovic

This comment has been minimized.

Copy link

commented Jan 11, 2016

+1 for type=password and a checkbox for "Show Passwords"

@RollingStar

This comment has been minimized.

Copy link

commented Jan 21, 2016

Is this just for managing Usenet servers? Does it apply at all to NZB download passwords?

@hugbug

This comment has been minimized.

Copy link
Member

commented Jan 21, 2016

It's not for nzb-passwords.

@cxhamilton

This comment has been minimized.

Copy link

commented Mar 17, 2016

What is the problem that you are trying to solve? If the problem is someone looking over your shoulder, the masking or hiding the password with an option to reveal would be suitable. If the problem is a proxy or "man in the middle" inspecting your unencrypted traffic, the only secure option would be to remove the feature that shows a stored password. The password field would be one way, to set or update a password.

@war59312

This comment has been minimized.

Copy link
Contributor

commented Apr 12, 2016

Well +1 as it helps with password managers. ;)

Should also help with screen readers like jaws to recognize it's a password field.

Speaking of... Anyone ever test NzbGet with screen readers. Just because your blind, should not mean you can't use NzbGet.

@guaguasi

This comment has been minimized.

Copy link
Contributor

commented Aug 12, 2016

Just created PR #260 for this.

hugbug added a commit that referenced this issue Sep 9, 2016

#49, #260: fields containing passwords are now password fields
- fields containing passwords are now password fields with option to view;
- excluding post-processing/archive password.

@hugbug hugbug closed this Sep 9, 2016

@hugbug hugbug added this to the v18 milestone Sep 16, 2016

hugbug added a commit that referenced this issue Sep 5, 2017

hugbug added a commit that referenced this issue Oct 9, 2017

#49, #260: fields containing passwords are now password fields
- fields containing passwords are now password fields with option to view;
- excluding post-processing/archive password.

hugbug added a commit that referenced this issue Oct 9, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.