Jump to content

How can I add my tuppence worth to a bug report that's been closed

Guest Brivtech

By Guest Brivtech
in Technical Help

 Share

Recommended Posts

Guest Brivtech

Guest Brivtech

Posted
Posted

This one is driving me nuts! :)

http://www.cubecart.com/beta/bugs/bug_view...ge.php?bug_id=9

I'm guessing it's the database settings section that's causing the password manager to pop up every time.

While I appreciate that it's a firefox problem, surely, the programming could be improved to stop it happening in the first place - Like checking to see if an update is actually being made to the password before writing it each time?

:)

Very irritating, and I'm not going to disable the password manager just for a single application.

Link to comment
Share on other sites

Guest

Guest

Posted
Posted

That's very much the same way I feel about it. I don't have the issue with any other software, but only with the beta version of CC. Certainly, it's related to the way CC beta is handling things.

Link to comment
Share on other sites
Al Brookbanks Proficient

Al Brookbanks

Posted
Posted

It's not a bug!!!!!!!!!!!!!!!!!!!!!! :) :) LOL

There are password fields in the form. Standard browser behavior is to ask you what user you want to remember it for. The only solution is to change the password boxes to a text box which is not secure or to remove the field all together.

Maybe we should remove it.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

The only solution is to change the password boxes to a text box which is not secure or to remove the field all together.

I'm assuming you mean the "SMTP Password:" and "Database Password:" fields. I didn't consider those when I got the message, which is why it confused me. I thought it was asking about the admin password.

It seems to me that anyone who has gained access to the admin screen itself would be allowed to see the password fields. Not sure what security issues there would be in having the password fields be textboxes.

[Considering the database password field, I also wonder about the reason for having "For reference only" data shown. If it can't be changed, why show it?]

Link to comment
Share on other sites
Guest Brivtech

Guest Brivtech

Posted
Posted

[Considering the database password field, I also wonder about the reason for having "For reference only" data shown. If it can't be changed, why show it?]

It does show the number of dgits - Perhaps that would help someone somehow. :)

I suppose I could also take this opportunity to moan about the way the admin login works when you use secure mode. Can't the checkbox be processed when you actually click the login button, rather than when you've already typed in your login data, and lose it when clicking the checkbox (because you're making the page reload to https)? There's a process logic flaw in the programming delivery there.

Link to comment
Share on other sites
Al Brookbanks Proficient

Al Brookbanks

Posted
Posted

Hi guys. You are right the password warning is on the SMTP password field. I can see how it is annoying but I thought it enhanced security.

Brivtech is correct about the DB password. I thought it could act as a reminder by character length. We are having a security audit then so I will ask the auditor about recommendations.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...