Default password and uid displayed

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
souvik_php
Forum Newbie
Posts: 1
Joined: Thu May 06, 2010 1:15 am

Default password and uid displayed

Post by souvik_php »

In a site there are different type of user such as school admin, student, teacher. School admin can create student. When school admin saves the uid and password in default browser cookie then that is displayed in a text box of student creation page although that text box name and id is different from login page.
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: Default password and uid displayed

Post by Apollo »

souvik_php wrote:When school admin saves the uid and password in default browser cookie
Someone who does this shouldn't be admin in the first place.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Default password and uid displayed

Post by pickle »

Apollo wrote:
souvik_php wrote:When school admin saves the uid and password in default browser cookie
Someone who does this shouldn't be admin in the first place.
+1.

In the case where they are though, you could rename the username and password field on the login page to something different than on subsequent pages.

To be even more idiot-proof, you could make the username & password fields randomly named, then store those random names in other, hidden fields - that way, even if they "save" the credentials, the browser won't encounter those field names again, so won't know to auto-populate the fields.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply