Default password and uid displayed
Moderator: General Moderators
-
souvik_php
- Forum Newbie
- Posts: 1
- Joined: Thu May 06, 2010 1:15 am
Default password and uid displayed
In a site there are different type of user such as school admin, student, teacher. School admin can create student. When school admin saves the uid and password in default browser cookie then that is displayed in a text box of student creation page although that text box name and id is different from login page.
Re: Default password and uid displayed
Someone who does this shouldn't be admin in the first place.souvik_php wrote:When school admin saves the uid and password in default browser cookie
Re: Default password and uid displayed
+1.Apollo wrote:Someone who does this shouldn't be admin in the first place.souvik_php wrote:When school admin saves the uid and password in default browser cookie
In the case where they are though, you could rename the username and password field on the login page to something different than on subsequent pages.
To be even more idiot-proof, you could make the username & password fields randomly named, then store those random names in other, hidden fields - that way, even if they "save" the credentials, the browser won't encounter those field names again, so won't know to auto-populate the fields.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.