Hi Gato,
as I’'ve got the feeling that you missed this post:
JM-817 causes trouble for me. I may enter a password “foo” and save it. If I come back to the Email Settings page to change the Mail server (this happens nearly every week) and press save then the password “foo” will be overwritten with the hash which is now stored there.
/connection-managers-settings.jsp displays still the unencoded password, so there’'s no problem except that one with access to the web console can view it without problems.
LG
++
As the field is a password field it may help to supply two of them as one can’'t see what one is typing in and a typo is hard to detect. And to make it really secure probably add a third field so one must enter the old password to change it, like:
New Password: [_________]
Confirm New Password: [_________]
Old Password: [_________] + \hiddenid=[hash of current password]
As one is admin and not a 0815 user one could drop the third field.
++ ++
http://server:9090/server-properties.jsp does display passwordKey hidden but using “Edit” one can display this value. => created JM-823 to get this fixed
++ ++ ++
ping to get Gatos attention
I can’'t reopen the issue, but I could of course create a new one …