Edit/Update Profile - password populated

 
Ranch Hand
Posts: 239
While editing/updating the profile, the password is retrieved and displayed as asterisks.
This can be easily seen by viewing the source of the HTML.

From a security point of view, is it required to get the password from the server when the user is editing the profile? (There is some amount of risk of it being compromised.)

Most of the sites which I have seen do not get the password from the server when the profile is being edited. There is a separate link to update the password. This takes the old password as well as the new password.

Can a similar thing be done here?

...just my thoughts.
 
Rancher
Posts: 43011
76
You're right, it's not good practice to send the password back and forth, and not even over HTTPS. We'll keep that in mind for the NewForumSoftware, which hopefully we'll eventually move to.
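
The design discussed in this thread (a profile form that never carries the stored password, plus a separate change-password action that takes the old and the new password), as an added example that is not part of the original posts or the forum's own software. The function names, routes, in-memory user store and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import os

# Constructed in-memory user store (assumption); a real site would use its database.
USERS = {}

def _derive(password: str, salt: bytes) -> bytes:
    # Only a salted, slow hash is stored, so there is no password to send back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(user: str, email: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[user] = {"email": email, "salt": salt, "hash": _derive(password, salt)}

def verify(user: str, password: str) -> bool:
    rec = USERS[user]
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))

def render_profile_form(user: str) -> str:
    # The edit form carries profile fields only; the password is handled
    # on its own page, reached through a separate link.
    email = html.escape(USERS[user]["email"], quote=True)
    return (
        '<form method="post" action="/profile">\n'
        f'  <input type="email" name="email" value="{email}">\n'
        '  <a href="/profile/password">Change password</a>\n'
        '</form>'
    )

def change_password(user: str, old: str, new: str) -> bool:
    # The old password must be supplied and verified before the new one is set.
    if not verify(user, old):
        return False
    salt = os.urandom(16)
    USERS[user].update(salt=salt, hash=_derive(new, salt))
    return True

if __name__ == "__main__":
    register("alice", "alice@example.org", "old-Secret1")  # constructed sample data
    print(render_profile_form("alice"))
    print(change_password("alice", "wrong-guess", "new-Secret2"))  # rejected
    print(change_password("alice", "old-Secret1", "new-Secret2"))  # accepted
```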
 