Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59326

Don't use password field for shared secrets

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • 3.7
    • 3.4, 3.5.5, 3.6.3
    • Forms Library
    • MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
    • MOODLE_37_STABLE
    • Hide
      1. Create a new WebDAV repository instance
      2. Confirm the WebDAV server password field is a passwordunmask field type
      3. Create a new MongoDB cache store instance
      4. Confirm the Password field is a passwordunmask field type
      Show
      Create a new WebDAV repository instance Confirm the WebDAV server password field is a passwordunmask field type Create a new MongoDB cache store instance Confirm the Password field is a passwordunmask field type

    Description

      Following from MDL-57021 there are still 2 cases where we use a password form for shared secrets. This is what the "passwordunmask" field is for, and using this field will prevent password managers from auto-filling these fields with passwords from the users password list and accidentally overwriting the value.

      cache/stores/mongodb/addinstanceform.php

      repository/webdav/lib.php

       

      Attachments

        Issue Links

          has a non-specific relationship to

          Improvement - An enhancement to an existing Moodle feature. MDL-63734 If passwordunmask field is hardcoded in config.php, do not show the value

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Improvement - An enhancement to an existing Moodle feature. MDL-64190 Site admin password fields should use password config element

          • Minor - Minor loss of function where workaround is possible
          • Closed
          has been marked as being related by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-57021 The new 'password unmask' field should only be used when entering shared secrets

          • Critical - Crashes server, loss of data, severe memory leak
          • Closed

          Activity

            People

              pholden Paul Holden
              damyon Damyon Wiese
              Jake Dallimore Jake Dallimore
              David Monllaó David Monllaó
              Anna Carissa Sadia Anna Carissa Sadia
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                20/May/19

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 30 minutes
                  30m