Firfox's web developer toolbar addon's Show Password Issue

Hi,

My application uses input type=password which shows * in place of actual characters in text box

but Firfox's web developer toolbar addon have option show password which changes its type to text on the fly and user can see the actual data

This has become a sever issue at my end

anyhow can i prevent it ?

LVL 10
Rakesh JaiminiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

UrbanTwitchCommented:
What do you mean -- explain more in depth of how it's a server issue?

Also, why not just uninstall the web developer toolbar if it gives you trouble?
0
mrichmonCommented:
And no you can't stop users from doing this.

It is only display anyway - it shouldn't cause any server issues as from a server point of view the text is passed as if it was type="text"  

The only thing the password type does is prevent people from looking at your screen and seeing your password when you type it in.  But there are many ways to have it seen besides the firefox add-on....
0
Rakesh JaiminiAuthor Commented:
Hi experts,

I said sever or big issue  not server issue :)

never mind it happens some time.

this issue is raised by our client and we can not say that there are several other ways coz somehow this is a security issue and then we need to address those several other ways also. :D

is there any way to implement some attribute change event handler which i can use on type change to text from password so that in that function i can change back to password

IE doesn't allow this attribute to change from script and i checked with firebug also we can change type with the help of firebug

I have seen some site which shows a modal popup to register first
earlier i used to hide the popup using firebug and can access the site but now as soon as i change display:'' to display:none some script reloads the page

I'm trying to implement similar kind of logic

also @mrichmon can you tell me "other ways" to see this password

thanks

0
mrichmonCommented:
oh you mean "severe"

>>we can not say that there are several other ways coz somehow this is a security issue and then we need to address those several other ways also. :D

Actually you should tell them because by knowing that and not telling them you could be held liable.

>>is there any way to implement some attribute change event handler which i can use on type change to text from password so that in that function i can change back to password

No - at least not that they can't prevent or get around very easily.  You can't control the client's browser

>>IE doesn't allow this attribute to change from scrip
Yes it does

>>can you tell me "other ways" to see this password
There are tons.  An easy one is javascript.  In the browser url simplly type alert(getElementById("passwordboxId"));   This will display - in clear text - your password in both IE and Firefox and any other javascript enabled browser.

This is one reason we tell users they should never use the "remember my password" because if they leave their computer unlocked I can sit down at it and browse on their computer and get all their username/passwords very easily.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rakesh JaiminiAuthor Commented:
Hi,

Thanks for the reply

I'm convinced :)

can you give some more ways so that we can make some report kind of thing to present it our client that it is normal behaviour and we can not guard against this.
As I checked goggle also and there too both web dev tool bar and JavaScript in address bar worked to get the password

Thanks a lot

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.