I have a login form with username and password fields.

If the user typed something wrong, the page would re-load with the
values already entered so that it could be corrected.

However, as Justin pointed out, it's probably not a good idea to default
the password back into the password field.

But, I still think it's fine to default the username into the username
field.

Thanks,
Mike

-----Original Message-----
From: Paul Alkema [mailto:[email protected]] 
Sent: Friday, June 26, 2009 11:51 AM
To: cf-talk
Subject: RE: HTMLEditFormat() on Password Fields


This is true.

Michael, what are you using this for? Are you using the htmlEditFormat()
to sanitize the passwords before they get inserted? Or are you using
this to output the user's password to them in a textbox?

-----Original Message-----
From: Justin Scott [mailto:[email protected]]
Sent: Friday, June 26, 2009 12:40 PM
To: cf-talk
Subject: RE: HTMLEditFormat() on Password Fields


> Is it wise to use htmlEditFormat() on the value of password fields?

I wouldn't be passing a value through to a password field at all.  Makes
it too easy for someone to view source and see the existing password.  For
example, Sarah has her password saved in Firefox.  Sarah leaves the room
for a while and John gets on her computer and logs in as Sarah since the
password is saved.  John goes to the account page and views source.  Now
he knows Sarah's password and can log in from anywhere.  Yes, it's a
stretch, but a possibility that can be avoided by simply not passing a
value of the password field.


-Justin
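
What the advice in this thread looks like in a self-posting ColdFusion login page, as an added example that is not code from any of the posters: the username is echoed back through htmlEditFormat() and the password field is rendered with no value. The file names login.cfm and account.cfm and the verifyLogin() stand-in are assumptions.

```cfml
<!--- login.cfm (added example; file names and verifyLogin() are hypothetical) --->
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<!--- Stand-in for the real credential check, which the thread does not show.
      It always fails here so that the re-display path below is what runs. --->
<cffunction name="verifyLogin" returntype="boolean" output="false">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfreturn false>
</cffunction>

<cfset submitted = (cgi.request_method eq "POST")>

<cfif submitted and verifyLogin(form.username, form.password)>
    <!--- Success: leave the form page; nothing is echoed back. --->
    <cflocation url="account.cfm" addtoken="false">
</cfif>

<cfoutput>
<cfif submitted>
    <p class="error">Login failed. Check your username and re-enter your password.</p>
</cfif>

<form method="post" action="login.cfm">
    <!--- The username is user input written into an HTML attribute.
          htmlEditFormat() encodes < > & and the double quote, so the
          attribute has to be double-quoted for the encoding to hold. --->
    <label>Username
        <input type="text" name="username" value="#htmlEditFormat(form.username)#">
    </label>

    <!--- No value attribute, whatever was submitted: the password never
          appears in the page source, so there is nothing to encode and
          nothing for "view source" to reveal. --->
    <label>Password
        <input type="password" name="password">
    </label>

    <input type="submit" value="Log in">
</form>
</cfoutput>
```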






Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323983