heh, I'm trying to argue for soft-password boxes. Entering a during password on
a mobile sucks. I'd consider this a feature. LOL.
With all the password breaches lately, it's clear that we have to move away
from passwords entirely...
--
Sent from my Nokia N9
On 6/11/12 12:07 PM Jordi Rovira wrote:
Hello,
First, a small context introduction: I am developing my company websire
website using Wt, and enjoying it very much so far. Thanks for making this
framework open.
Now, to the issue: There is a small security problem that may end up showing
user's passwords on screen if the user is not careful. I have found it on my
site, based on the last stable release, but also in your site's Blog. The steps
to reproduce it are simple:
- Go to blog website: http://www.webtoolkit.eu/wt/blog
- Type a valid (existing) user name in the login box.
- Don't type anything in the password box, and click the Login button.
- The system nicely complains about the password, putting its entry in red.
- However if you click on it and type your password now, it will be visible
(as if the password entry field is no longer type="password").
Not really a big security problem, but it would be good to fix it...
Regards,
Jordi
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
witty-interest mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/witty-interest
