[Modus] blank password field in Webadmin

[Del Hines]

From my tests, I don’t believe asp.net will store the password text in the viewstate even encrypted.  I think even on a standard textbox control, I think the text is just stored in the ‘value’ parameter of the input tag and is not stored in the viewstate.  I may be wrong though.   Looking back at Salama’s original question of “what is the logic behind this”, a password field should never be pre-populated in a change password form.  The whole point of having the ‘old password’ field to begin with is to authenticate the person that is resetting the password.  He/We will just have to explain this to the end user.   - Del   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Suneel Jhangiani Sent: Monday, November 17, 2003 12:00 PM To: [EMAIL PROTECTED] Subject: [Modus] blank password field in Webadmin   In ASP.Net the password would be stored as part off the Viewstate if it is run as a control. The viewstate would be encrypted but uses a fairly weak algorithm.     Regards,   Suneel Jhangiani Inter-Computer Technology Ltd.   Modus3 Bug Buster Co-MVP If you declare love, what identifier scope does it have?   -----Original Message----- From: Del Hines [mailto:[EMAIL PROTECTED] Sent: 17 November 2003 17:38 To: [EMAIL PROTECTED] Subject: [Modus] blank password field in Webadmin   * This is the modus mailing list *   1) In a standard html or asp page, if the password field is preloaded with the password either programmatically or in the html source, asterisks will be shown and the password _WILL_ be displayed in plain-text in the html source.   2) In ASP.Net, a password field (run as a control) will be blank even if there is an attempt to preload it with the password either programmatically or in the html source.   Perhaps the "your settings have been changed successfully" should be more prominently displayed (at least on the password page)   - Del

<<image001.gif>>