设置类型“密码”验证失败后输入具有先前提交值的值
我正在为我们的网站创建一个直接创建帐户页面。在用户提交表单后,即使两个密码匹配并且有效,我总是出于偏执而清除 type="password" 输入的默认值=""。在我们的设计师问我这样做是否有真正的意义后,我开始思考这个问题。如果它们不是令人讨厌的验证失败,我当然可以在提交后将密码回显到 value="" 字段中,但是是否存在与此方法相关的漏洞?我们在此特定页面上默认使用 https。我知道您可以进行 html 重写来更改输入类型,以便回显到非屏蔽输入,但这似乎只能影响本地用户。
示例表单:
<input type="text" name="username" value="<?php echo $username; ?>">
<input type="password" name="password1" value="">
<input type="password" name="password2" value="">
提交时,检查用户名是否看起来像正确的电子邮件、密码是否匹配以及密码是否符合我们的最低要求。如果电子邮件冒犯了人,但密码却没有,我可以添加......
<input type="password" name="password1" value="<?php echo $password1; ?>">
<input type="password" name="password2" value="<?php echo $password2; ?>">
并且不用担心吗?不,我没有使用寄存器全局变量。我手动将它们从 $_POST 中取出并首先进行清理。
乔什
I'm creating a walkup create account page for our website. I've always cleared out the default value="" for a type="password" input out of paranoia, after a user has submitted a form, even if the two passwords match and are valid. I started to think on this after our designer asked me if there was any real point to doing that. I can certainly echo the passwords into the value="" field after submit, if they are not the offending validation failure, but are there vulnerabilities associated with this approach? We're defaulting to https on this particular page. I know that you could do an html rewrite to change the input type such that you are echo'ing into a non-masked input, but that seems like it could only affect the user locally.
Example form:
<input type="text" name="username" value="<?php echo $username; ?>">
<input type="password" name="password1" value="">
<input type="password" name="password2" value="">
On submit, check if the username looks like a proper email, the passwords match, and the passwords beat our minimal requirements. If the email offends, but the passwords don't, could I add...
<input type="password" name="password1" value="<?php echo $password1; ?>">
<input type="password" name="password2" value="<?php echo $password2; ?>">
... and be worry free? And no, I'm not using register globals. I pull them out of $_POST manually and do sanitization first.
Josh
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我想您不应该这样做,因为同事可能会窃取您进入个人资料页面的密码并查看源代码。
如果您的密码使用安全哈希进行加扰,您可能无法实现此功能这是一种单一的方法,您无法找回原始密码。
I guess you should not do it as a colleague could steal your password going to the profile page and do a view source.
You probably should not be able to implement this functionality if your passwords are scrambled using a secure hash as that is a single way and you are unable to get the original password back.
我认为这样做是一个坏主意,因为 HTML 源可能会被缓存,即使您使用 HTTP 标头告诉它不应缓存。这取决于浏览器,Microsoft 建议在 BODY 标记之后添加一个额外的 HEAD 标记。 Microsoft 提供了有关 Internet Explorer 此项“功能”的更多信息。
I think it's a bad idea to do it this way because the HTML source may be cached, even when you tell it using HTTP headers that it should not be cached. This is dependant upon the browsers, and Microsoft suggests including an additional HEAD tag after the BODY tag. Microsoft has more information on this "feature" for Internet Explorer.