password field can't be preloaded

[Homa]

Hi,

I have a quick question.

I have a webpage allow user to modify his/her information. When I
generate the form, I want to pre-load the information to the
TextBoxes. But for the password (and confirm password) textbox, the
text can't be loaded (the TextBoxes are empty, no "dot" in them). I
checked inside Page_Load the text is loaded, but when the page is
render, the data is flushed.

I read some ASP code that in ASP this won't happen, you just do:

<input type="password" name="vcPassword" value="<%=vcPassword%>">


Please Help

Homa Wong

 

[Steve C. Orr [MVP, MCSD]]

You're not supposed to set the text of a password field from the server
because it's unsecure. That's why it didn't show up; it's prevented as a
security precaution. (The password would be plain text to anybody who views
the source of the page.)

However there is a workaround if you are willing to accept this risk.
Here's the simplest example I've seen:

MyPWTextBox.Attributes.Add("value", strPassWord)

 

[Jerry III]

It's a security issue. If you want your applications to be secure you should
only store hashed password values so you will never be able to know the
original password. And in any case you should not be sending passwords to
anybody, not even the original user.

Jerry