Here's a cool ASP.NET tip from Sean 'Early' Campbell & Scott 'Adopter' Swigart (actually from their associate, Richard Hundhausen):
If you've got a password textbox named txtPassword, you cannot assign the Text property to it in code, or via DataBinding. This is by design. Here's a workaround, however:
txtPassword.Attributes.Add("value", "abc")
Now keep in mind, just because you can do this, doesn't mean you should. This is "by design" for a reason.
Comments
Posted by Hitesh on March 23, 2004:
Posted by Hayke Geuskens on December 2, 2004:
// The following solution solves this problem.
// The hacker only sees value="**********" in the HTML source on client side.
// The original password value stays at server side. Make sure to test the
// "value" attribute before saving. IOW, restore the original password in the
// postback if it has changed, preventing it from storing the asterisks
// in the password field.
string passWord = User[this.oUser.PasswordField].ToString().Trim();
if (passWord != "")
    this.txtPassword.Attributes.Add("value", new string('*', passWord.Length));
else
    this.txtPassword.Attributes.Add("value", "");
Leave a comment
Excellent… It really works…
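The placeholder approach from the comment above, as an added example that is not part of the original post or its comments: it renders a fixed-length sentinel rather than one asterisk per character, so the page source does not disclose the password's length, and it classifies the posted value so the sentinel is never saved as a password. PasswordPlaceholder, PostedPassword and the "blank field means no change" policy are assumptions made for illustration; the WebForms wiring appears only in comments.

```csharp
using System;

// Added example: PasswordPlaceholder and PostedPassword are hypothetical names.
public enum PostedPassword { Unchanged, Changed, Rejected }

public static class PasswordPlaceholder
{
    // Fixed-length sentinel. Unlike new string('*', passWord.Length) it does
    // not reveal how long the stored password is, and the server only needs
    // to know WHETHER a password exists, not its value.
    public const string Sentinel = "**********";

    // Text for the "value" attribute on first render, e.g.
    //   txtPassword.Attributes["value"] = PasswordPlaceholder.ForRender(hasPassword);
    public static string ForRender(bool hasPassword)
    {
        return hasPassword ? Sentinel : "";
    }

    // Classifies the posted field (txtPassword.Text on postback). Only a
    // Changed result should ever reach the code that stores a new password.
    public static PostedPassword Classify(string posted, bool hasPassword)
    {
        if (string.IsNullOrEmpty(posted))
            return PostedPassword.Unchanged;    // assumption: blank = keep current
        if (posted == Sentinel)
            // Untouched field. If no password exists the sentinel was never
            // rendered, so a client sending it is refused instead of saved.
            // Side effect: the sentinel itself can never be chosen as a password.
            return hasPassword ? PostedPassword.Unchanged : PostedPassword.Rejected;
        return PostedPassword.Changed;          // user typed a new password
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs.
        Console.WriteLine(PasswordPlaceholder.ForRender(true));
        Console.WriteLine(PasswordPlaceholder.Classify("**********", true));
        Console.WriteLine(PasswordPlaceholder.Classify("n3w-Passw0rd", true));
        Console.WriteLine(PasswordPlaceholder.Classify("**********", false));
        Console.WriteLine(PasswordPlaceholder.Classify("", true));
    }
}
```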