• Status Unconfirmed
  • Percent Complete
  • Task Type Bug Report
  • Category Installer and Upgrader
  • Assigned To No-one
  • Operating System All
  • Severity Medium
  • Priority Very Low
  • Reported Version
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray
Opened by rlerner - 02.04.2015
Last edited by peterdd - 12.05.2015

FS#1988 - Password Field for Admin

The installer requests a password for the admin account, and provides a default one.

Because this field is not type=”password”, the browser caches this data for any field named “admin_password”

This also applies to future installations of the software.

I have marked this as critical as this can pose a security hazard. A different implementation would be allowing entry of password, or in the case of wanting to provide a default one, have two password fields prepopulated, and a text one prepopulated so that it can be viewed by the end user.

My bad for not seeing the security procedure linked on the page.

Project Manager

Made a pull request on github, please take a look if that solves your consideration.

Made it a password input field that can be switched by js to view the password. Does this helps in your case?

Which browser and under which concrete circumstances (crossdomain?) it is a problem?

Project Manager

In Firefox 38.0 Update history (2015-05-12):

Changed autocomplete=off is no longer supported for username/password fields


Available keyboard shortcuts


Task Details

Task Editing