So you really want the webpage to return the actual password instead of 
asterisks? It's a big security risk, no matter what user experience 
says...

On Friday, July 25, 2014 10:53:40 AM UTC+2, Louis Amon wrote:
>
> I'm trying to improve user experience on my website and I noticed a 
> rather annoying behavior on password fields:
>
> If I type a password longer than 8 characters and somehow my form fails 
> (some other field didn't validate), my password gets replaced by "********" 
> in request.vars.password.
>
> For example :
> I try to log in and mistype my username --> login form fails.
> I correct the mistake in the username and press the submit button again 
> --> login still fails, because the password got replaced by '*********' 
> under the hood.
>
> Another example:
> I try to register and type my password but mistyped my password 
> verification (password_two) --> register form fails.
> I focus the password_two field and retype my password --> register still 
> fails because the original password field got replaced...
>
> This behavior is extremely frustrating for users as they can't print 
> request.vars.password like a developer would. All they see is obfuscated 
> passwords.
> I cannot have this on my commercial website.
>
>
> Is there any way to fix this ?
>
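
An added example, not part of the thread and not web2py's own code: one way to avoid both problems discussed above is to re-render a failed form with the password inputs empty and an explicit "retype" message, and to reject a submitted value that is only the mask. The `MASK` constant, the function names and the field rules are assumptions made for this sketch; the field names `password` and `password_two` follow the post.

```python
import html

MASK = "*" * 8  # assumed placeholder, matching the "********" quoted in the post
SECRET_FIELDS = ("password", "password_two")

def validate(fields):
    """Return {field: message} for a registration-style submit (hypothetical rules)."""
    errors = {}
    pw, pw2 = fields.get("password", ""), fields.get("password_two", "")
    if not fields.get("username", "").strip():
        errors["username"] = "username required"
    if pw == MASK:
        # The client sent back a display mask, not a real secret: never accept it.
        errors["password"] = "please retype your password"
    elif len(pw) < 8:
        errors["password"] = "password too short"
    elif pw != pw2:
        errors["password_two"] = "passwords do not match"
    return errors

def render_form(fields, errors):
    """Re-render the form: keep non-secret values, never echo secrets or a mask."""
    rows = []
    for name in ("username",) + SECRET_FIELDS:
        secret = name in SECRET_FIELDS
        value = "" if secret else html.escape(fields.get(name, ""), quote=True)
        kind = "password" if secret else "text"
        rows.append(f'<input type="{kind}" name="{name}" value="{value}">')
        if name in errors:
            rows.append(f'<span class="error">{html.escape(errors[name])}</span>')
    if errors:
        # Tell the user up front that the empty password boxes are intentional.
        rows.append('<p class="note">For safety, passwords must be retyped.</p>')
    return "\n".join(rows)

def handle_submit(fields):
    """Return (ok, page); page is the re-rendered form when validation fails."""
    errors = validate(fields)
    return (False, render_form(fields, errors)) if errors else (True, None)

if __name__ == "__main__":
    # Constructed sample submit: empty username, valid matching passwords.
    ok, page = handle_submit({"username": "", "password": "correct horse",
                              "password_two": "correct horse"})
    print(ok)
    print(page)
```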
