Default password and uid displayed
Posted: Thu May 06, 2010 1:32 am
by souvik_php
On a site there are different types of users, such as school admin, student, and teacher. The school admin can create students. When the school admin saves the uid and password in the default browser cookie, they are displayed in a text box on the student creation page, although that text box's name and id are different from those on the login page.
Re: Default password and uid displayed
Posted: Thu May 06, 2010 3:18 am
by Apollo
souvik_php wrote: When school admin saves the uid and password in default browser cookie
Someone who does this shouldn't be admin in the first place.
Re: Default password and uid displayed
Posted: Thu May 06, 2010 9:16 am
by pickle
Apollo wrote: souvik_php wrote: When school admin saves the uid and password in default browser cookie
Someone who does this shouldn't be admin in the first place.
+1.
In the case where they are though, you could rename the username and password field on the login page to something different than on subsequent pages.
To be even more idiot-proof, you could make the username & password fields randomly named, then store those random names in other, hidden fields - that way, even if they "save" the credentials, the browser won't encounter those field names again, so won't know to auto-populate the fields.
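The randomly named fields suggested in the last reply, sketched in Python as an added example (not code from the thread or from the site being discussed). The hidden-field names `uf` and `pf`, the `f_` prefix, the form action and the `autocomplete` attributes are assumptions of this sketch.

```python
import html
import secrets

# Hidden fields that carry the random names back to the server
# (hypothetical names chosen for this example).
USER_KEY = "uf"
PASS_KEY = "pf"
HEX = set("0123456789abcdef")


def render_student_form(action="/student/create"):
    """Return (form_html, user_field, pass_field) with fresh random names."""
    user_field = "f_" + secrets.token_hex(8)
    pass_field = "f_" + secrets.token_hex(8)
    form = (
        f'<form method="post" action="{html.escape(action, quote=True)}">\n'
        f'  <input type="hidden" name="{USER_KEY}" value="{user_field}">\n'
        f'  <input type="hidden" name="{PASS_KEY}" value="{pass_field}">\n'
        # autocomplete attributes are an extra hint added here, not from the thread
        f'  <input type="text" name="{user_field}" autocomplete="off">\n'
        f'  <input type="password" name="{pass_field}" autocomplete="new-password">\n'
        f'  <button type="submit">Create student</button>\n'
        f'</form>'
    )
    return form, user_field, pass_field


def read_student_form(post):
    """Resolve the random names via the hidden fields; return (uid, password).

    The hidden values are client-supplied, so they are used only as lookup
    keys, and only after their shape has been checked.
    """
    names = []
    for key in (USER_KEY, PASS_KEY):
        name = post.get(key, "")
        suffix = name[2:]
        if not (name.startswith("f_") and len(suffix) == 16 and set(suffix) <= HEX):
            raise ValueError("malformed field-name pointer")
        names.append(name)
    if names[0] == names[1] or any(n not in post for n in names):
        raise ValueError("missing or ambiguous credential fields")
    return post[names[0]], post[names[1]]
```

Because the names change on every render, the browser never sees the same field name twice, which is the property the reply relies on to stop saved credentials being filled in.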