Solved

Firfox's web developer toolbar addon's Show Password Issue

Posted on 2010-08-16
5
670 Views
Last Modified: 2013-12-07
Hi,

My application uses input type=password which shows * in place of actual characters in text box

but Firfox's web developer toolbar addon have option show password which changes its type to text on the fly and user can see the actual data

This has become a sever issue at my end

anyhow can i prevent it ?

0
Comment
Question by:Rakesh Jaimini
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:UrbanTwitch
ID: 33446316
What do you mean -- explain more in depth of how it's a server issue?

Also, why not just uninstall the web developer toolbar if it gives you trouble?
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 33447981
And no you can't stop users from doing this.

It is only display anyway - it shouldn't cause any server issues as from a server point of view the text is passed as if it was type="text"  

The only thing the password type does is prevent people from looking at your screen and seeing your password when you type it in.  But there are many ways to have it seen besides the firefox add-on....
0
 
LVL 10

Author Comment

by:Rakesh Jaimini
ID: 33451793
Hi experts,

I said sever or big issue  not server issue :)

never mind it happens some time.

this issue is raised by our client and we can not say that there are several other ways coz somehow this is a security issue and then we need to address those several other ways also. :D

is there any way to implement some attribute change event handler which i can use on type change to text from password so that in that function i can change back to password

IE doesn't allow this attribute to change from script and i checked with firebug also we can change type with the help of firebug

I have seen some site which shows a modal popup to register first
earlier i used to hide the popup using firebug and can access the site but now as soon as i change display:'' to display:none some script reloads the page

I'm trying to implement similar kind of logic

also @mrichmon can you tell me "other ways" to see this password

thanks

0
 
LVL 35

Accepted Solution

by:
mrichmon earned 500 total points
ID: 33456384
oh you mean "severe"

>>we can not say that there are several other ways coz somehow this is a security issue and then we need to address those several other ways also. :D

Actually you should tell them because by knowing that and not telling them you could be held liable.

>>is there any way to implement some attribute change event handler which i can use on type change to text from password so that in that function i can change back to password

No - at least not that they can't prevent or get around very easily.  You can't control the client's browser

>>IE doesn't allow this attribute to change from scrip
Yes it does

>>can you tell me "other ways" to see this password
There are tons.  An easy one is javascript.  In the browser url simplly type alert(getElementById("passwordboxId"));   This will display - in clear text - your password in both IE and Firefox and any other javascript enabled browser.

This is one reason we tell users they should never use the "remember my password" because if they leave their computer unlocked I can sit down at it and browse on their computer and get all their username/passwords very easily.
0
 
LVL 10

Author Comment

by:Rakesh Jaimini
ID: 33472670
Hi,

Thanks for the reply

I'm convinced :)

can you give some more ways so that we can make some report kind of thing to present it our client that it is normal behaviour and we can not guard against this.
As I checked goggle also and there too both web dev tool bar and JavaScript in address bar worked to get the password

Thanks a lot

0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question