Hello,
First, a small context introduction: I am developing my company websire
website using Wt, and enjoying it very much so far. Thanks for making this
framework open.
Now, to the issue: There is a small security problem that may end up
showing user's passwords on screen if the user is not careful. I have found
it on my site, based on the last stable release, but also in your site's
Blog. The steps to reproduce it are simple:
- Go to blog website: http://www.webtoolkit.eu/wt/blog
- Type a valid (existing) user name in the login box.
- Don't type anything in the password box, and click the Login button.
- The system nicely complains about the password, putting its entry in
red.
- However if you click on it and type your password now, it will be
visible (as if the password entry field is no longer type="password").
Not really a big security problem, but it would be good to fix it...
Regards,
Jordi
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
witty-interest mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/witty-interest
