设置密码文本有多糟糕
对于
在 ASP.net 中:
PasswordField.text = RawPasswordString;
这不起作用,但可以通过以下方式规避:
PasswordField.Attributes.Add("value", RawPasswordString);
我这样做是为了当注册表单失败时,他们不会如果密码有效,则无需重新输入密码,这在某些网站上让我烦恼不已。我们有一个需要服务器验证的验证码字段,因此当此失败(最有可能失败的字段)时,我不希望他们输入正确的密码,但密码会失败,因为它们被清除了,这意味着他们必须输入验证码再次。
安全原因是什么?如果此页面使用 HTTPS 可以吗?如果是在没有缓存的 HTTPS 上,我还应该注意什么?
For <input type="password" />
In ASP.net:
PasswordField.text = RawPasswordString;
This doesn't work, but can be circumvented with:
PasswordField.Attributes.Add("value", RawPasswordString);
I'm doing this so when the registration form fails, they don't need to re-enter their passwords if they were valid, this annoys me no end on some websites. We have a CAPTCHA field that needs server validation, so when this fails (the most likely field to fail), I don't want them to enter a correct one, but then the passwords fail because they cleared, meaning they have to enter the CAPTCHA again.
What are the security reasons, and if this page is on HTTPS is that OK? If it's on HTTPS with nocaching, what else should I be aware of?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
绝对不是。浏览器仍然可以缓存结果,并且有人可以查看缓存并获取密码。
Absolutely not. Browsers still can cache the result and someone can look at the cache and take the password.