stackoom
  简体   繁体   中英

How bad is it to set password text

 原文  2011-03-23 23:48:36       asp.net/ security/ passwords/ save/ user-input

Question

For <input type="password" />

In ASP.net: 

PasswordField.text = RawPasswordString;

This doesn't work, but can be circumvented with: 

PasswordField.Attributes.Add("value", RawPasswordString);

I'm doing this so when the registration form fails, they don't need to re-enter their passwords if they were valid, this annoys me no end on some websites. We have a CAPTCHA field that needs server validation, so when this fails (the most likely field to fail), I don't want them to enter a correct one, but then the passwords fail because they cleared, meaning they have to enter the CAPTCHA again .

What are the security reasons, and if this page is on HTTPS is that OK? If it's on HTTPS with nocaching, what else should I be aware of?

1 answers

solution1
 6 ACCPTED  2011-03-23 23:50:34

Absolutely not. Browsers still can cache the result and someone can look at the cache and take the password.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How bad is this? storing password in javascript How to set Text of a Textbox with type= “password” in code behind How to set default value to login password text box in asp.net? how to unlock an ASPNETDB user account after bad password count lockout? How to set the correct username and password textboxes? Default text appearing in the password text box ..how to make it disappear? AD Authentication Unknown username or bad password Logon failure: unknown user name or bad password UNC LogonUser: Unknown user or bad password How to set text to AjaxControlToolkit ComboBox
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM