Solved

Firfox's web developer toolbar addon's Show Password Issue

Posted on 2010-08-16
5
669 Views
Last Modified: 2013-12-07
Hi,

My application uses input type=password which shows * in place of actual characters in text box

but Firfox's web developer toolbar addon have option show password which changes its type to text on the fly and user can see the actual data

This has become a sever issue at my end

anyhow can i prevent it ?

0
Comment
Question by:Rakesh Jaimini
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:UrbanTwitch
ID: 33446316
What do you mean -- explain more in depth of how it's a server issue?

Also, why not just uninstall the web developer toolbar if it gives you trouble?
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 33447981
And no you can't stop users from doing this.

It is only display anyway - it shouldn't cause any server issues as from a server point of view the text is passed as if it was type="text"  

The only thing the password type does is prevent people from looking at your screen and seeing your password when you type it in.  But there are many ways to have it seen besides the firefox add-on....
0
 
LVL 10

Author Comment

by:Rakesh Jaimini
ID: 33451793
Hi experts,

I said sever or big issue  not server issue :)

never mind it happens some time.

this issue is raised by our client and we can not say that there are several other ways coz somehow this is a security issue and then we need to address those several other ways also. :D

is there any way to implement some attribute change event handler which i can use on type change to text from password so that in that function i can change back to password

IE doesn't allow this attribute to change from script and i checked with firebug also we can change type with the help of firebug

I have seen some site which shows a modal popup to register first
earlier i used to hide the popup using firebug and can access the site but now as soon as i change display:'' to display:none some script reloads the page

I'm trying to implement similar kind of logic

also @mrichmon can you tell me "other ways" to see this password

thanks

0
 
LVL 35

Accepted Solution

by:
mrichmon earned 500 total points
ID: 33456384
oh you mean "severe"

>>we can not say that there are several other ways coz somehow this is a security issue and then we need to address those several other ways also. :D

Actually you should tell them because by knowing that and not telling them you could be held liable.

>>is there any way to implement some attribute change event handler which i can use on type change to text from password so that in that function i can change back to password

No - at least not that they can't prevent or get around very easily.  You can't control the client's browser

>>IE doesn't allow this attribute to change from scrip
Yes it does

>>can you tell me "other ways" to see this password
There are tons.  An easy one is javascript.  In the browser url simplly type alert(getElementById("passwordboxId"));   This will display - in clear text - your password in both IE and Firefox and any other javascript enabled browser.

This is one reason we tell users they should never use the "remember my password" because if they leave their computer unlocked I can sit down at it and browse on their computer and get all their username/passwords very easily.
0
 
LVL 10

Author Comment

by:Rakesh Jaimini
ID: 33472670
Hi,

Thanks for the reply

I'm convinced :)

can you give some more ways so that we can make some report kind of thing to present it our client that it is normal behaviour and we can not guard against this.
As I checked goggle also and there too both web dev tool bar and JavaScript in address bar worked to get the password

Thanks a lot

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
In this tutorial viewers will learn how to style elements, such a divs, with a "drop shadow" effect using the CSS box-shadow property Start with a normal styled element, such as a div.: In the element's style, type the box shadow property: "box-shad…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question