While editing/updating the profile, the password is retrieved and displayed as asterisks. This can be easily see by viewing the source of the html.
From a security point of view; Is it required to get the password from the server when the user is editing the profile? (There is some amount of risk of it being compromised)
Most of the sites which I have seen do not get the password from the server when the profile is being editied. There is separate link to update the password. This takes the old password as well new password
Can a simlilar thing be done here?
...just my thoughts.
You can't wake a person who is <b><i>pretending</i></b> to be asleep.<br />Like what <b>"it"</b> does not like - <i> Gurdjieff </i>