On 1/5/07, Marcos Sader | marcosmedia <[EMAIL PROTECTED]> wrote:
There is one thing that needs to be changed since Mingus or before, but i
always forget to mention it. When you install WordPress the password field
is set as a text (type="text"), so anyone around me is able to see that
password as i type it, even worst, it is remembered by the browser as it is
part of the form data stored, so it will be auto-populated next time (in
plain text).
In setup-config.php, the field
<td><input name="pwd" type="text" size="25" value="password" /></td>
should be replaced with,
<td><input name="pwd" type="password" size="25" value="password" /></td>
It is not critical, but necessary.
Very much agreed on that point. I did a few clean installs, as well
as upgrades on dummy sites, and had that same thought. I had a note
to make a similar comment, so thanks for getting it in there quickly,
Marcos!
--
-dave
PGP Public Keys:
http://scoop0901.net/PGP/PgPkEyS.htm
Verify email with digital signatures, or encrypt for privacy
while offering job security to crackers at NSA, DHS, and TIA!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Dave Jackson * Philadelphia, PA * http://blog.scoop0901.net
~ "A journalist's job is to comfort the afflicted and afflict
~ the comfortable." -- Finley Peter Dunne (1867-1936)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(") ASCII Ribbon Campaign | You can't get a virus from ASCII!
X No HTML/RTF in email | No one ever said "I can't read
/ \ No Word docs in email | that ASCII email you sent."
(c) 2004 by Dave Jackson (Scoop0901). All rights reserved.
_______________________________________________
wp-testers mailing list
[email protected]
http://lists.automattic.com/mailman/listinfo/wp-testers
