new install improvements for install.php
Just installed v3 beta and would like to suggest the following two improvements to the install process in install.php:
ROOT/ADMIN PASSWORD
#1 - It asks for the root/administrator password, but the password field is plain text. To improve the security, this should be input type=password to hide the typed password, but to ensure you typed it correctly there should also be a second "Confirm Password" field that is also type=password. This will allow you to verify/confirm the password you typed, but also allow it to remain hidden from prying eyes.
DATABASE NAME/USER/PASSWORD
#2 - I am curious as to why I need to enter my database information in the config file, and the enter the same information again on the install screen. It seems to me, that if I already entered it in the config file, I should not have to enter again on the install screen. Alternately, if I have not entered in the config file, then when I enter it on the install screen it shoudl automatically generate the config file for me.
Thanks
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
This is more a question than a blueprint.
The reason why these info are in the install form is security: it ensures YOU are the one having the credentials allowing you to start the install process. They are not actually used (since they are present in the config file), but asking them prevent a bad guy to run the install script and ruin your site.
---
I guess that makes sense... that way even if you don't delete the install.php script, nobody can try to install something new.
As far as #1 goes though, I think the Root/Admin Password and the DB Password fields need to be type=password and not plain text for security reasons. And since they will not be plain text, they should have a Password field and a Confirm Password field to make sure you typed it right.
