Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Password TextBox control in .NET

Posted on 2015-02-23
2
Medium Priority
?
108 Views
Last Modified: 2015-03-15
What is the proper way to create a password textbox control that is masked with bullet points.

Currently, I created a textbox control, and set itsHtmlTextWriterAttribute.Type property to "password".
writer.AddAttribute(HtmlTextWriterAttribute.Type, "password", true);
writer.AddAttribute(HtmlTextWriterAttribute.Value, text, true);

Everything looks great, except that when you right click on the page and "view source" it actually shows the password in plain text.

REQUIREMENT:
For example, the current password in the textbox is "Apple" and is masked.

If the user goes in and deletes the last letter and replaces it with "a", the new password needs to be "Appla". So in other words, the characters need to be real.

How do I achieve this without the password showing up in "view source"?
0
Comment
Question by:pzozulka
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 9

Accepted Solution

by:
Valliappan AN earned 1000 total points
ID: 40626689
I think the prefilled password, shows in view source, no matter, do you really need to prefill the password, I believe you do an edit data here. The purpose View Source is to avoid someone else peeking in to view the password.

An alternative would be to get Old and New Passwords, and update it, if they want to update password. It appears not an easy way to hide the prepopulated HTML code, in View Source.

HTH.
0
 
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 1000 total points
ID: 40627202
It is generally a bad security practice to be able to send the password back to a user and should normally only be stored in a hashed or encrypted form. In this case you are sending the password to the client so they can see it. If someone wants to see it, they will find a way to see it, there is no way around this with this method.

If you need to store this value for some kind of authentication later, you may have the option of storing in some kind of session information or a temporary database location but please do not store a plaintext or easily reversible password.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question