6
Kaji
7y

Fun fact: If you ever want to see the password you are typing or view the contents of a password field in a form, just pull up the web inspector. You can change the input type from "password" to "text" with no ill effects upon submission.

The lesson? When populating password fields, put junk values in there instead. Will present the right appearance, and doesn't risk exposing something that should be stored as a salted hash anyway.

Comments
  • 1
    You mean when populating fields with existing data? I don't see the point doing this while letting the user fill in a password field.
  • 5
    Never, ever, ever, ever pre-fill a password field with a real password. Firstly you shouldn't be able to if hashed/stored correctly. Secondly, never ever do it. Thirdly, WTF I mean it - never!!
  • 1
    Wtf does that mean?
Add Comment