
Edit/Update Profile - password populated

 
Rajah Nagur
Ranch Hand
Posts: 239
While editing/updating the profile, the password is retrieved and displayed as asterisks.
This can be easily seen by viewing the source of the HTML.

From a security point of view, is it required to get the password from the server when the user is editing the profile? (There is some amount of risk of it being compromised.)

Most of the sites which I have seen do not get the password from the server when the profile is being edited. There is a separate link to update the password. This takes the old password as well as the new password.

Can a similar thing be done here?

...just my thoughts.
 
Ulf Dittmer
Rancher
Posts: 42972
You're right, it's not good practice to send the password back and forth, and not even over HTTPS. We'll keep that in mind for the NewForumSoftware, which hopefully we'll eventually move to.
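
The split discussed in this thread (a profile form that never carries the password, plus a separate change-password step that takes the old and the new password), sketched in Python as an added example. It is not the forum software's code; the user record layout, the routes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import os

PBKDF2_ROUNDS = 200_000  # constructed value for this example


def hash_password(password, salt=None):
    """Return (salt, digest); the server stores only these, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(user, candidate):
    _, digest = hash_password(candidate, user["salt"])
    return hmac.compare_digest(digest, user["pw_hash"])


def new_user(name, email, password):
    salt, digest = hash_password(password)
    return {"name": name, "email": email, "salt": salt, "pw_hash": digest}


def render_edit_profile(user):
    """Profile form: only non-secret fields are echoed back into the HTML."""
    email = html.escape(user["email"], quote=True)
    return (
        '<form method="post" action="/profile">\n'
        f'  <input name="email" value="{email}">\n'
        '  <a href="/profile/password">Change password</a>\n'
        "</form>"
    )


def update_profile(user, form):
    """Profile endpoint ignores any password field a client submits."""
    if "email" in form:
        user["email"] = form["email"]


def change_password(user, old, new, confirm):
    """Separate flow: the old password must verify before a new one is stored."""
    if not verify_password(user, old):
        return "old password incorrect"
    if not new or new != confirm:
        return "new passwords do not match"
    user["salt"], user["pw_hash"] = hash_password(new)
    return "ok"
```

Because only a salted hash is stored, there is no password for the edit form to send back, so viewing the page source reveals nothing secret.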
 