Quick Start Wizard - Server Password in Cleartext
Quick Start Wizard - Server Password in Cleartext
When setting up sab 0.8 beta 3 using the quickstart wizard, it asks for your usenet server info. When you enter in the username and password, it shows up as clear text for the password. This should be censored out.
Re: Quick Start Wizard - Server Password in Cleartext
It should not.
Must be a recently introduced bug.
Re: Quick Start Wizard - Server Password in Cleartext
That's what I thought. Consider this my bug report.
Re: Quick Start Wizard - Server Password in Cleartext
This is done on purpose:
While before password managers of browsers such as Chrome and Firefox would look for fields named Username and Password, now they will ask you to 'Save a password' as soon as they detect a password type field on the screen, whatever we name it.
If the user then lets the browser save their password in the wizard, later it will very aggressively try to automatically fill that username and password everywhere it thinks there is something to fill. In the case of SABnzbd, we had cases where this caused the browser to fill the server username and pass for the general SABnzbd password in the first page of the Config, causing people to be locked out of their SABnzbd after hitting save and not noticing that.
Also, it might look censored, but it's only a visual browser trick in case anyone is looking over your shoulder. Any code can still easily read the field.
So we chose to remove any password type field to avoid accidental fills by browsers or password managers.
In the config you will see passwords being replaced by ********, so it is only visible for those few moments during the wizard.