Description of my issue:
I would like to disable the ANGIE password warning that appears every time I run a backup. I already know that I have set an ANGIE password. It is always set.
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by on Wednesday, 04 August 2021 20:17 CDT
Description of my issue:
I would like to disable the ANGIE password warning that appears every time I run a backup. I already know that I have set an ANGIE password. It is always set.
You cannot disable that warning. There's a good reason behind it.
This warning appears if there is ANGIE password set up either in the Configuration page or in the Backup Now page. The problem is that we cannot know if you intended for a password to be set. Many browsers and third party password managers will just see that there is a password field and automatically file it in with whichever password they feel is the right one. In many cases this is your Joomla administrator password.
After the umpteenth ticket we received asking us what is the ANGIE password and why do we password protect the restoration without telling anyone the password (well, we don't!) we added this warning. An option to remove that warning would take us back to the same problem as having no warning so we are definitely not going to implement a feature to remove this warning. You can ignore it. In fact, it tells you that it only applies if you didn't know that you had set an ANGIE password.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Yes, I completely understand the reason why the warning is there. I have had the same problem with data fields being populated without my knowledge in other online forms, and it can cause calamity. However, for those of us who always use a password, it means that we we will become acclimated to ignoring warnings that are not valid for us. If the option to disable it was available, then each new warning that we see would have greater significance.
We have taken that into account as well. What we have implemented now and the way it is implemented is the least problematic solution to an issue caused by your browsers.
The technically correct solution we cannot implement is documenting that you need to disable password auto-filling in your browser. Your browser or password manager violates the Principle of Least Astonishment (POLA) and our documentation would tell you how to fix that. However, people wouldn't appreciate this for what I would hope is obvious reasons.
In fact, this is why this warning appears at the top of the Backup Now progress page and nowhere else. All other important warnings which can be detected reliably server-side appear in the Control Panel page and the top of the Backup Now setup page. They even have links which explain why they are there and how to solve them.
Again, as I said before, there is no way to divine the intent server-side. There is no real way to deal with it client-side either! Yes, we do have some JavaScript to reset the contents of the field after a small delay BUT some browsers add a variable delay of their own AND this doesn't work if it's auto-filled in the scant milliseconds between the page loading and the backup starting when you use the One Click Backup feature.
So, given that this is a browser issue we can't work around we are left with these options:
Beyond that, we are adding a small bit of text in the next release of Akeeba Backup, right in the ANGIE password page, explaining how you can disable the password. This is something I implemented nearly a month ago. HOWEVER, we cannot remove the backup progress warning just because we added some text explaining the corrective measure. People neither tend to read text on the screen when confronted with an unexpected situation nor do they stop to think and/or read the documentation to understand that the password is something they (or their browser / password manager) applied and NOT something we arbitrarily enforced without telling them about it.
For every warning you see in our software there's been a deliberate, long process of assessing alternatives and the risks they carry, carefully imposing the warning message to be succinct, write documentation and carefully execute the implementation in a way that makes sense.
There are many more cases where you don't see a warning message because it's something we could detect and rectify server-side. You will only see a message when the solution requires your interaction either because it's caused by third party software (including Joomla configuration options) OR it needs you to make a decision. We of course understand messages fatigue and we do try to keep messages to a minimum.
Finally, this warning does have great significance. The overwhelming majority of people do NOT set up an ANGIE password. They are caught off-guard when their browser magically auto-fills a password field they didn't notice because they were not looking for it. In fact, they do not KNOW this happened. All they know is that they tried to restore their backup and they're locked out of it so Akeeba Ltd must be an evil company which holds their web site backups ransom. This is a major problem for us, obviously. So between hypocritically removing this feature, throwing our security conscious users under the bus, and adding a warning which might annoy some people like you we would go with the latter every time. I'm sorry you are annoyed by it but at the end of the day you're the only person in 7 or so years to be annoyed so from our perspective our decision seems to be the right one.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!