Suggestion: Passwords

[VinceN]

I've noticed that a lot of areas in the website (Particularly on the install screen) show the ASCII characters instead of the usual *** marks when entering passwords.Might want to change that over as that seems to be standard security practice.

[Nabeel]

I just had it on the install screen so you're able to tell it's correct, since it's a one-time entry for the database.

[VinceN]

Might I suggest instead that you have a "Confirm" field for passwords. Enter it once then enter it again and do a check to see if they were entered the same both times.I'm not sure I'm comfortable that anyone glancing at my screen can see the password I'm typing in, one time or not.

[Nabeel]

For the database installer, or the site setup page?

[VinceN]

Anywhere there is a password it should use the ***** entry method. Any time a password is being entered for the first time or changed you should need to enter it twice to make sure its right.That seems to be the standard practice from my experience.

[Nabeel]

Yeah, it's this way for everywhere, except the installer.I'll change it. Most installers I've used leave the database password open, since those are complex.I'll be changing them for one of the next builds though.