I disagree with hiding the password at this level. In my opinion the form
bean should synchronize with the page components in both directions- not
just one way for the password box. If you do not want the password sent back
to the client, then why not just remove it from the form bean?
I think its a good idea to add a "hide password" option to text:password but
I also think displaying the password should be the default behavior. For
those that want extra security, then they can set the flag.
Bob
-----Original Message-----
From: Frederic BAGES [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 13, 2001 6:16 AM
To: [EMAIL PROTECTED]
Subject: RE: html:password
It was a request from myself. I didn't know that would annoy anyone.
The
fact is that if you ask your browser to show you the html source you will
see the password is embedded in it (case of '*'). It is not secure and we
found that it's better not to fill back the password field.
Frederic.
-----Message d'origine-----
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]De la part de
Matthias Bauer
Envoyé : mardi 13 février 2001 10:25
À : [EMAIL PROTECTED]
Objet : html:password
Hi,
I just upgraded to struts 1.0 nightly build 20010212 from an earlier version
and
found that the html:password tag does not work as in the earlier version I
used
(20010117): The password is no longer displayed as '*'s. Instead the
password
field is empty. This does not seem to be a feature, because it imposes some
difficulties, when I want to offer the user to edit his profile which
contains a
password, because now the user always has to reenter the password, also when
he
only wants to change some other field of his profile.
Has anybody seen the same behaviour?
Thanks,
--- Matthias
Matthias Bauer +++ [EMAIL PROTECTED] +++ LivingLogic AG +++
www.livinglogic.de
