Skip to main content

[webtier] [JSF] intializing inputSecret field with a bean value

5 replies [Last post]
Anonymous

Hi

(Let me know if the following is not appropriate to this mailing-list).

I don't manage to have an inputSecret field initialized with a bean value.

For instance the following does work (the field shows the existing
password):

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>

[...]

but replacing inputText with inputSecret, the field is not initialized with
the bean attribute value:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>

[...]

Is there any limitation with inputSecret field that prevents an
initialization ?

Regards,
Pascal
[att1.html]

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
lincolnbaxter@gmail.com

Also. The fact that you can redisplay the password at all makes me wonder if you're hashing the passwords in th DB. If you're not, that's another security risk. Just a thought :)
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Pascal Maugeri
Date: Wed, 14 Oct 2009 15:03:29
To:
Subject: Re: [webtier] [JSF] intializing inputSecret field with a bean value
Thanks for your answer. So I will make use of a "clear text" input field for
the password when one edits a user profile.

Thanks for your answer.
Pascal

PS: what is a "belware issue" ? I've never heard this before

On Wed, Oct 14, 2009 at 2:53 PM,
wrote:

> This is a belware issue. Browsers do not allow re-populating the password
> input type. Same with file upload boxes.
>
> Otherwise you could easily hack peoples computers.
>
> -Lincoln
> http://ocpsoft.com
>
> Sent from my Verizon Wireless BlackBerry
> ------------------------------
> *From: * Pascal Maugeri
> *Date: *Wed, 14 Oct 2009 13:09:00 +0200
> *To: *
> *Subject: *[webtier] [JSF] intializing inputSecret field with a bean value
>
> Hi
>
> (Let me know if the following is not appropriate to this mailing-list).
>
> I don't manage to have an inputSecret field initialized with a bean value.
>
> For instance the following does work (the field shows the existing
> password):
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
>
>
>

>
> but replacing inputText with inputSecret, the field is not initialized with
> the bean attribute value:
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
> > >
>
>

>
> Is there any limitation with inputSecret field that prevents an
> initialization ?
>
> Regards,
> Pascal
>

[att1.html]

Pascal Maugeri

Good point !

I believe the proper way is to have in the edit page a button to reset the
existing password, otherwise it keeps unchanged.

Thanks a lot for your comments, I really appreciate
-pascal

On Wed, Oct 14, 2009 at 3:54 PM,
wrote:

> Also. The fact that you can redisplay the password at all makes me wonder
> if you're hashing the passwords in th DB. If you're not, that's another
> security risk. Just a thought :)
>
> Sent from my Verizon Wireless BlackBerry
> ------------------------------
> *From: * Pascal Maugeri
> *Date: *Wed, 14 Oct 2009 15:03:29 +0200
> *To: *
> *Subject: *Re: [webtier] [JSF] intializing inputSecret field with a bean
> value
>
> Thanks for your answer. So I will make use of a "clear text" input field
> for the password when one edits a user profile.
>
> Thanks for your answer.
> Pascal
>
> PS: what is a "belware issue" ? I've never heard this before
>
> On Wed, Oct 14, 2009 at 2:53 PM,
wrote:
>
>> This is a belware issue. Browsers do not allow re-populating the password
>> input type. Same with file upload boxes.
>>
>> Otherwise you could easily hack peoples computers.
>>
>> -Lincoln
>> http://ocpsoft.com
>>
>> Sent from my Verizon Wireless BlackBerry
>> ------------------------------
>> *From: * Pascal Maugeri
>> *Date: *Wed, 14 Oct 2009 13:09:00 +0200
>> *To: *
>> *Subject: *[webtier] [JSF] intializing inputSecret field with a bean
>> value
>>
>> Hi
>>
>> (Let me know if the following is not appropriate to this mailing-list).
>>
>> I don't manage to have an inputSecret field initialized with a bean value.
>>
>> For instance the following does work (the field shows the existing
>> password):
>>
>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
>> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
>> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>>
>> [...]
>>
>> >> >
>>
>>

>>
>> but replacing inputText with inputSecret, the field is not initialized
>> with the bean attribute value:
>>
>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
>> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
>> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>>
>> [...]
>>
>> >> required="true" >
>>
>>

>>
>> Is there any limitation with inputSecret field that prevents an
>> initialization ?
>>
>> Regards,
>> Pascal
>>
>
>
[att1.html]

lincolnbaxter@gmail.com

This is a belware issue. Browsers do not allow re-populating the password input type. Same with file upload boxes.

Otherwise you could easily hack peoples computers.

-Lincoln
http://ocpsoft.com
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Pascal Maugeri
Date: Wed, 14 Oct 2009 13:09:00
To:
Subject: [webtier] [JSF] intializing inputSecret field with a bean value
Hi

(Let me know if the following is not appropriate to this mailing-list).

I don't manage to have an inputSecret field initialized with a bean value.

For instance the following does work (the field shows the existing
password):

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>

[...]



but replacing inputText with inputSecret, the field is not initialized with
the bean attribute value:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>

[...]

>

Is there any limitation with inputSecret field that prevents an
initialization ?

Regards,
Pascal

[att1.html]

Pascal Maugeri

Thanks for your answer. So I will make use of a "clear text" input field for
the password when one edits a user profile.

Thanks for your answer.
Pascal

PS: what is a "belware issue" ? I've never heard this before

On Wed, Oct 14, 2009 at 2:53 PM,
wrote:

> This is a belware issue. Browsers do not allow re-populating the password
> input type. Same with file upload boxes.
>
> Otherwise you could easily hack peoples computers.
>
> -Lincoln
> http://ocpsoft.com
>
> Sent from my Verizon Wireless BlackBerry
> ------------------------------
> *From: * Pascal Maugeri
> *Date: *Wed, 14 Oct 2009 13:09:00 +0200
> *To: *
> *Subject: *[webtier] [JSF] intializing inputSecret field with a bean value
>
> Hi
>
> (Let me know if the following is not appropriate to this mailing-list).
>
> I don't manage to have an inputSecret field initialized with a bean value.
>
> For instance the following does work (the field shows the existing
> password):
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
>
>
>

>
> but replacing inputText with inputSecret, the field is not initialized with
> the bean attribute value:
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
> > >
>
>

>
> Is there any limitation with inputSecret field that prevents an
> initialization ?
>
> Regards,
> Pascal
>
[att1.html]

lincolnbaxter@gmail.com

Browser, sorry. And I would probably think hard about showing a users password in plain text. Big security risk.
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Pascal Maugeri
Date: Wed, 14 Oct 2009 15:03:29
To:
Subject: Re: [webtier] [JSF] intializing inputSecret field with a bean value
Thanks for your answer. So I will make use of a "clear text" input field for
the password when one edits a user profile.

Thanks for your answer.
Pascal

PS: what is a "belware issue" ? I've never heard this before

On Wed, Oct 14, 2009 at 2:53 PM,
wrote:

> This is a belware issue. Browsers do not allow re-populating the password
> input type. Same with file upload boxes.
>
> Otherwise you could easily hack peoples computers.
>
> -Lincoln
> http://ocpsoft.com
>
> Sent from my Verizon Wireless BlackBerry
> ------------------------------
> *From: * Pascal Maugeri
> *Date: *Wed, 14 Oct 2009 13:09:00 +0200
> *To: *
> *Subject: *[webtier] [JSF] intializing inputSecret field with a bean value
>
> Hi
>
> (Let me know if the following is not appropriate to this mailing-list).
>
> I don't manage to have an inputSecret field initialized with a bean value.
>
> For instance the following does work (the field shows the existing
> password):
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
>
>
>

>
> but replacing inputText with inputSecret, the field is not initialized with
> the bean attribute value:
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
> > >
>
>

>
> Is there any limitation with inputSecret field that prevents an
> initialization ?
>
> Regards,
> Pascal
>

[att1.html]