Topic: hidden tripcode

Maybe I can just turn this on somewhere but I haven't seen it:
The tripcode always shows in clear text, which is great for social engineering but bad for security, especially when it's an admin.
The tripcode should show as: ***** instead.

2

Re: hidden tripcode

I've never thought of the tripcode as the same as the password- they are used for identification not for authorization (admin/mod tripcodes excepted, of course)- so it's treated fairly laxly. More concerning than the cleartext entry, for example, is the fact that it is stored in a browser cookie.

Still, it's easy to change to the obfuscated form - just change the input type of the tripcode field in post.tmpl from type="text" to type="password.

Re: hidden tripcode

Thank you, I changed it to obfuscated form.
Regarding security with cookies: How about a "Remember me on this computer"-option in the preferences?