Solved

Firfox's web developer toolbar addon's Show Password Issue

Posted on 2010-08-16
5
664 Views
Last Modified: 2013-12-07
Hi,

My application uses input type=password which shows * in place of actual characters in text box

but Firfox's web developer toolbar addon have option show password which changes its type to text on the fly and user can see the actual data

This has become a sever issue at my end

anyhow can i prevent it ?

0
Comment
Question by:Rakesh Jaimini
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:UrbanTwitch
ID: 33446316
What do you mean -- explain more in depth of how it's a server issue?

Also, why not just uninstall the web developer toolbar if it gives you trouble?
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 33447981
And no you can't stop users from doing this.

It is only display anyway - it shouldn't cause any server issues as from a server point of view the text is passed as if it was type="text"  

The only thing the password type does is prevent people from looking at your screen and seeing your password when you type it in.  But there are many ways to have it seen besides the firefox add-on....
0
 
LVL 10

Author Comment

by:Rakesh Jaimini
ID: 33451793
Hi experts,

I said sever or big issue  not server issue :)

never mind it happens some time.

this issue is raised by our client and we can not say that there are several other ways coz somehow this is a security issue and then we need to address those several other ways also. :D

is there any way to implement some attribute change event handler which i can use on type change to text from password so that in that function i can change back to password

IE doesn't allow this attribute to change from script and i checked with firebug also we can change type with the help of firebug

I have seen some site which shows a modal popup to register first
earlier i used to hide the popup using firebug and can access the site but now as soon as i change display:'' to display:none some script reloads the page

I'm trying to implement similar kind of logic

also @mrichmon can you tell me "other ways" to see this password

thanks

0
 
LVL 35

Accepted Solution

by:
mrichmon earned 500 total points
ID: 33456384
oh you mean "severe"

>>we can not say that there are several other ways coz somehow this is a security issue and then we need to address those several other ways also. :D

Actually you should tell them because by knowing that and not telling them you could be held liable.

>>is there any way to implement some attribute change event handler which i can use on type change to text from password so that in that function i can change back to password

No - at least not that they can't prevent or get around very easily.  You can't control the client's browser

>>IE doesn't allow this attribute to change from scrip
Yes it does

>>can you tell me "other ways" to see this password
There are tons.  An easy one is javascript.  In the browser url simplly type alert(getElementById("passwordboxId"));   This will display - in clear text - your password in both IE and Firefox and any other javascript enabled browser.

This is one reason we tell users they should never use the "remember my password" because if they leave their computer unlocked I can sit down at it and browse on their computer and get all their username/passwords very easily.
0
 
LVL 10

Author Comment

by:Rakesh Jaimini
ID: 33472670
Hi,

Thanks for the reply

I'm convinced :)

can you give some more ways so that we can make some report kind of thing to present it our client that it is normal behaviour and we can not guard against this.
As I checked goggle also and there too both web dev tool bar and JavaScript in address bar worked to get the password

Thanks a lot

0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
In this tutorial viewers will learn how to embed an audio file in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: : The declaration should display (CODE) HTML5 is supported by the most recent versions of all major browsers…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now