Very good advice.

Thanks,
Mike

-----Original Message-----
From: Justin Scott [mailto:[email protected]] 
Sent: Friday, June 26, 2009 11:40 AM
To: cf-talk
Subject: RE: HTMLEditFormat() on Password Fields


> Is it wise to use htmlEditFormat() on the value of password fields?

I wouldn't be passing a value through to a password field at all.  Makes
it too easy for someone to view source and see the existing password.
For example, Sarah has her password saved in Firefox.  Sarah leaves the
room for a while and John gets on her computer and logs in as Sarah
since the password is saved.  John goes to the account page and views
source.  Now he knows Sarah's password and can log in from anywhere.
Yes, it's a stretch, but a possibility that can be avoided by simply not
passing a value of the password field.


-Justin
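The check below is an added example, not part of the original thread: it scans rendered HTML for password inputs that were sent with a non-empty `value`, which is what view-source would expose. The sample markup, field names and `account.cfm` are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordValueAudit(HTMLParser):
    """Records password inputs whose value attribute is non-empty."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, field name); never the secret itself

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased; a bare attribute has value None.
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").strip().lower() != "password":
            return
        # HTML-escaping the value does not hide it: the parser (like a browser)
        # decodes entities, so an escaped password still counts as pre-filled.
        if a.get("value", "") != "":
            line, _col = self.getpos()
            self.findings.append((line, a.get("name", "")))


def prefilled_password_fields(html):
    """Return [(line, field_name)] for each password input sent with a value."""
    parser = PasswordValueAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: account page that echoes the stored password back.
PREFILLED = """<form method="post" action="account.cfm">
<input type="text" name="email" value="sarah@example.com">
<INPUT TYPE="password" NAME="password" VALUE="s3cret&amp;x" />
</form>"""

# Constructed sample: same page with the password field left blank.
BLANK = """<form method="post" action="account.cfm">
<input type="text" name="email" value="sarah@example.com">
<input type="password" name="password" value="">
<input type="password" name="confirm">
</form>"""

if __name__ == "__main__":
    print(prefilled_password_fields(PREFILLED))
    print(prefilled_password_fields(BLANK))
```

With the field rendered blank, the handler that processes the form has to treat an empty password as "leave unchanged" rather than as a new value.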




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323981