When we use password 'plain' method, the password is always displayed in the directive
In User Management technique, if we use the 'plain' method for password management, the clear text password is always displayed. We should have an option to at least obfucate it so that people with little rights won't see it
#12 Updated by François ARMAND about 1 year ago
- Status changed from New to Rejected
In last version of the technique, we are not displaying the password unless if you check the option for that.
About the right: it does not seem correct to forbid people with READ ONLY rights to see the clear text password (think for example about an auditor who need to have access to that information). The correct behavior if it is a problem is to use hashed passwords.