On Wed, Oct 1, 2014 at 4:11 PM, Dan Poltawski <dan@moodle.com> wrote: > The data in those fields are stored in plain text and shared between > multiple teachers (multiple accounts), so when another teacher comes > along - they could access it. There is a scale of severity of the data > in there - from real passwords to external systems to a shared > 'enrolment key' which is a passphrase which might be shared with some > students but not others. So, you're doing both of the following? * Using a password field for (sometimes) things that aren't passwords * Storing (potentially) sensitive data in the clear yourself, and sending it (again, in the clear) to other accounts/machines Unless I'm misunderstanding your description of your application, these sound like undesirable practices, which are themselves at the root of your users' lack of security, and the browsers' behaviors are merely illustrating this? PKReceived on Wednesday, 1 October 2014 23:18:00 UTC
This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:24 UTC