[2.0.28] Freshly entered passwords can be copied out

[gaston1592]

It is possible to copy passwords that were just entered.
This might be a potential small security issue. Most password fields, such as those in web browsers, do not allow the use of Ctrl+C.

Steps to Reproduce:
- Connect to a password-protected multiplayer game.
- Enter 'hunter2' in the password field.
- Select all text using Ctrl+A.
- Copy the text using Ctrl+C.
- Switch to a text editor.
- Paste the text using Ctrl+V.
Expected Result:
- The password field should prevent the copying of entered text to ensure security.
Actual Result:
- The entered password (hunter2) is visible when pasted into the text editor.

[Rseding91]

Thanks for the report however I'm going to say this is fine. If one of the other developers wants to tinker with this they can, but this doesn't seem like it's actually going to improve anything by limiting the ability to copy from this field.

[gaston1592]

I played a bit more with this and found out it is possible to copy out the stored multiplayer server password when you reopen a password protected server. This still needs local access to the computer and the last used server password is probabely also present in a config file. So not that big of an issue.

[Rseding91]

Server passwords aren't treated with any kind of special security. They get stored on disk as plain text and sent to servers as plain text. So to prevent copying from the password field would just add a false sense of security around them.

[gaston1592]

Thanks for having a look again and your explanation. As someone with an IT security background, I was a bit shocked to be able to copy out a password. However in the context of this game, it seems OK.