Friday, March 16, 2012

password fields

why is it that password fields:
<asp:TextBox Id="txtuserpassword1" TextMode="password" class="textbox" maxle
ngth="20" Columns="15" Runat="Server" /><br>
clear everytime validation kicks in or on page refreshes? Can this be stoppe
d? Help!
Also, I can't auto-populate the password field uising a database value.
Help. Thanx.This is the default behavior. If password fields were to refresh, they would
have to be stored in ViewState. Since ViewState is stored on the HTML rende
red to the browser, the user can easily do a view source and have access to
the password. This defeats
the purpose of having the password masked.
There is no way to override this, unless you make a custom control, or some
other work around.
hope this helps,
John
"Chris" wrote:

> why is it that password fields:
> <asp:TextBox Id="txtuserpassword1" TextMode="password" class="textbox" max
length="20" Columns="15" Runat="Server" /><br>
> clear everytime validation kicks in or on page refreshes? Can this be stop
ped? Help!
> Also, I can't auto-populate the password field uising a database value.
> Help. Thanx.
>
ok, I can buy the "refresh" reason but what about setting to a value via a d
atabase call:
txtuserpassword1.Text = "" & memberdata("USER_PASSWORD")
txtuserpassword2.Text = "" & memberdata("USER_PASSWORD")
they won't populate, why?
thanx.
"John Sivilla" wrote:

> This is the default behavior. If password fields were to refresh, they would have
to be stored in ViewState. Since ViewState is stored on the HTML rendered to the bro
wser, the user can easily do a view source and have access to the password. This def
eat
s the purpose of having the password masked.
> There is no way to override this, unless you make a custom control, or som
e other work around.
> hope this helps,
> John
> "Chris" wrote:
>
My guess is it's built into the design of the server control. It would
seem to be a security risk to allow prepopulating a password field.
Perhaps you could do a JavaScript kludge to work around it though if you
really had to.
Chris wrote:

>why is it that password fields:
><asp:TextBox Id="txtuserpassword1" TextMode="password" class="textbox" maxl
ength="20" Columns="15" Runat="Server" /><br>
>clear everytime validation kicks in or on page refreshes? Can this be stopp
ed? Help!
>Also, I can't auto-populate the password field uising a database value.
>Help. Thanx.
>
>
asp.net clears password fields by default. to set the values in code behind
use the value attribute:
txtuserpassword1.Attributes.Add("value",myPassedValue);
-- bruce (sqlwork.com)
"Chris" <Chris@.discussions.microsoft.com> wrote in message
news:53BA7FBD-26A4-458A-BA32-0AB61190C1E6@.microsoft.com...
> why is it that password fields:
> <asp:TextBox Id="txtuserpassword1" TextMode="password" class="textbox"
maxlength="20" Columns="15" Runat="Server" /><br>
> clear everytime validation kicks in or on page refreshes? Can this be
stopped? Help!
> Also, I can't auto-populate the password field uising a database value.
> Help. Thanx.
>
This will work, but for security reasons, I would recommend not putting the
actual password value in there (as it can then become visible to the user if
they view source). Rather, I've often put in "********" as the value to
represent that something has been entered. The next time the user posts, if
that value matches, then I know they left it alone and the code responds
accordingly. Otherwise, they've made a change.
Ben Lucas
Lead Developer
Solien Technology, Inc.
"bruce barker" <nospam_brubar@.safeco.com> wrote in message
news:OOApwjbbEHA.368@.TK2MSFTNGP10.phx.gbl...
> asp.net clears password fields by default. to set the values in code
behind
> use the value attribute:
> txtuserpassword1.Attributes.Add("value",myPassedValue);
> -- bruce (sqlwork.com)
> "Chris" <Chris@.discussions.microsoft.com> wrote in message
> news:53BA7FBD-26A4-458A-BA32-0AB61190C1E6@.microsoft.com...
> maxlength="20" Columns="15" Runat="Server" /><br>
> stopped? Help!
>
does the trick, thanx a lot!
"bruce barker" wrote:

> asp.net clears password fields by default. to set the values in code behin
d
> use the value attribute:
> txtuserpassword1.Attributes.Add("value",myPassedValue);
> -- bruce (sqlwork.com)
> "Chris" <Chris@.discussions.microsoft.com> wrote in message
> news:53BA7FBD-26A4-458A-BA32-0AB61190C1E6@.microsoft.com...
> maxlength="20" Columns="15" Runat="Server" /><br>
> stopped? Help!
>
>
good suggestions, I never thought of that!
"Ben Lucas" wrote:

> This will work, but for security reasons, I would recommend not putting th
e
> actual password value in there (as it can then become visible to the user
if
> they view source). Rather, I've often put in "********" as the value to
> represent that something has been entered. The next time the user posts,
if
> that value matches, then I know they left it alone and the code responds
> accordingly. Otherwise, they've made a change.
> Ben Lucas
> Lead Developer
> Solien Technology, Inc.
> "bruce barker" <nospam_brubar@.safeco.com> wrote in message
> news:OOApwjbbEHA.368@.TK2MSFTNGP10.phx.gbl...
> behind
>
>
Posted by altitudenmqo at 5:47 AM
Labels: , , , , , , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)