Subject: Textmode Password
Posted By: rit01 Post Date: 3/13/2006 7:22:55 AM
Hi All

As part of a system I have developed I have a function that enables the user to update their username and password for the site. Basically it pulls their current username and password from the user DB into 2 text fields and then they can alter and update... simple!

The problem I have just encountered is that when you set the password field's textmode to PASSWORD it doesn't show the current password as '*******'. Is it possible to load the current password as I wanted to let the user alter either fields and not both every time?

Warm Regards

Rit
Reply By: jbenson001 Reply Date: 3/13/2006 3:29:01 PM
What does it show? And what do you mean by?
quote:

Is it possible to load the current password as I wanted to let the user alter either fields and not both every time?
Reply By: rit01 Reply Date: 3/13/2006 3:37:40 PM
Sorry Jim, I didn't make myself clear did I. Doh!

Basically what I was expecting the password field to do is load up with the user's current password hidden behind asterisks so that they could update the username field without having to retype the password.

At the moment with PASSWORD selected as the textmode for the password field, if they want to update just their username they have to retype their password too as the PASSWORD textmode stops their current password from loading up.
Reply By: jbenson001 Reply Date: 3/13/2006 4:37:06 PM
I have never tried to load text into a password type textbox, but I am guessing it's probably by design for security purposes.

Reply By: rit01 Reply Date: 3/13/2006 4:40:22 PM
No worries, I suppose it's there for a good reason.

Thanks anyway!

Rit
Reply By: Imar Reply Date: 3/13/2006 5:14:26 PM
Yeah, I agree. It's a security feature, and probably there for a good reason. However, it's also pretty easy to circumvent. Instead of assigning the password to the Text property, you can manually override the attribute "value", like this:

txtPassword.Attributes.Add("value", "The Old Password");

But, like you said: it's there for a good reason. With this trick, you'll be sending down a password in clear text where it can be cached. In fact, you actually shouldn't have the clear text password available on the server in the first place.

A common practice is to not update the password when the field is blank. This requires some explanation to the user, but it might be worth it.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
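
The blank-field approach described above, as an added example that is not part of the original thread: the password box is always rendered empty, a blank submission leaves the stored credential untouched, and only a salted PBKDF2 hash is kept on the server. `UserRecord`, `AccountUpdate`, the iteration count and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical user row: only a salted hash is stored, never the password itself.
public class UserRecord
{
    public string Username;
    public byte[] Salt;
    public byte[] PasswordHash;
}

public static class AccountUpdate
{
    const int Iterations = 100000; // assumed work factor; tune for your hardware

    static byte[] Hash(string password, byte[] salt)
    {
        // PBKDF2-HMAC-SHA256; this constructor needs .NET Framework 4.7.2 or later.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // postedPassword stands for txtPassword.Text from a TextMode="Password" box
    // that is always rendered empty. Returns true when the stored hash was replaced.
    public static bool Apply(UserRecord user, string newUsername, string postedPassword)
    {
        user.Username = newUsername;
        // A blank field means "keep the current password".
        if (string.IsNullOrEmpty(postedPassword))
            return false;
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        user.Salt = salt;
        user.PasswordHash = Hash(postedPassword, salt);
        return true;
    }

    public static void Main()
    {
        // Constructed sample data.
        var user = new UserRecord { Username = "rit" };
        Console.WriteLine(Apply(user, "rit", "first-Passw0rd"));        // sets a password
        byte[] before = user.PasswordHash;
        Console.WriteLine(Apply(user, "rit01", ""));                    // username-only update
        Console.WriteLine(ReferenceEquals(before, user.PasswordHash));  // hash object untouched?
    }
}
```

Because nothing is echoed into the `value` attribute, no password or placeholder string reaches the browser, and every non-empty string remains usable as a password.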
Reply By: rit01 Reply Date: 3/14/2006 4:11:22 PM
Thanks Imar,

Rit
Reply By: theanimation Reply Date: 12/13/2006 10:59:22 AM
This thread has been helpful to me.

What I ended up doing was
txtPassword.Attributes.Add("value", "~~~~");
so that four asterisks would show up in the field.

Then when the user goes to save the account, it only updates the password if
txtPassword.Text != "~~~~"


This way, it is clear to the user that a password exists, the password is not sent to the page, and the password can be updated.

(the only flaw might be that no one can use the password "~~~~")

