Re: Test-Case 004 failed for WLUS 1.2-25
onsdag 21. april 2004, 20:45, skrev Andreas Schuldei:
> * Knut Yrvin (knuty@skolelinux.no) [040421 20:28]:
[snip]
> > It's a third (3) way to handle this. Schuldei could make the feeld "Admin
> > passord" with stars, when the password is cached. Then he shows that the
> > system has taken care of the WLUS-password. When it's not stars there,
> > the user-admin can type the WLUS-password again ...
> >
> > This will remove the problem with usability, and show the users that the
> > password is already in place :-)
>
> that is a good idea. i had it too and disregarded it because then
> i would need to re-transmit that password in the html-code of the
> page. it might get cached in the browser cache and could be
> extracted somehow, by evil people. so i opted against this for
> security reasons. we can do it anyway, of cause.
>
> if i would just transmit stars or some other junk, it would seem
> to webmin and wlus that this junk was entered as a password. i
> cant help that, that is how http and html works. if someone knows
> a good workaround i would like to hear that. if a wrong password
> is typed wlus uses that one instead of the cached value.
>
> /andreas
While reading this thread I found my self wondering:
Could this "some junk" be a flagging trough .. say a colour-change in the
Admin-password field? .. or a small text appearing next to it informing the
user?
- Just a spark :)
Gjermund Skogstad
Reply to: