Security and privacy

Disable password Unmask option

This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.
Tim at Lone Pine Koala Sanctuary
Re: Disable password Unmask option
Group Core developersGroup Documentation writersGroup Particularly helpful MoodlersGroup Plugin developers

Well, for someone with Moodle adminsitrator access, it is quite hard to stop the accessing things. (For example if you had installed, admins could read the data directly from the database.)

However, there are some things you could do:

  1. In your theme, add a style rule div.unmask {display: none;} That will hide the option, but it is not very secure.
  2. Tweak the Moode code, to change calls like $mform->addElement('passwordunmask', ...) to $mform->addElement('text', ...), and admin_setting_configpasswordunmask -> admin_setting_configtext.

Also, you could set up your SMTP server so that the username and password that Moodle uses only has the minimum number of permissions necessary. Moodle does not need the SMTP server administrator password. It only needs to be able to send emails through the SMTP server.

Average of ratings: Useful (1)
Picture of Dimitris Chatzipanagiotidis
Re: Disable password Unmask option

Thank you for your reply.

I will try your suggestions or check for another workaround.

Average of ratings: -