Revision history [back]

click to hide/show revision 1
initial version

answered 2022-08-08 14:17:28 +0800

hawk gravatar image hawk

http://hawkphoenix.blogsp... ZK Team

input type password is used to protect user input from being seen by someone aside. It's used to protect the value from the server. If you want users to input a password, you don't need to set value for a password field.

Besides, if you can set a password into a textbox, that implies you store a password in plain text which is a security weakness. see https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

It's better to store a password in its hash value or even plus a salt. Please see https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

input type password is used to protect user input from being seen by someone aside. It's not used to protect the value from the server. If you want users to input a password, you don't need to set a value for a password field.

Besides, if you can set a password into a textbox, that implies you store a password in plain text which is a security weakness. see https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/https://cwe.mitre.org/data/definitions/256.html#:~:text=Storing%20a%20plaintext%20password%20in,immediately%20after%20it%20is%20used.

It's better to store a password in its hash value or even plus a salt. Please see https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

input type password is used to protect user input from being seen by someone aside. It's not used to protect the value from the server. If you want users to input a password, you don't need to set a value for a password field.

Besides, if you can set a password into a textbox, that implies you store a password in plain text which is a security weakness. see https://cwe.mitre.org/data/definitions/256.html#:~:text=Storing%20a%20plaintext%20password%20in,immediately%20after%20it%20is%20used.

It's better to store a password in its hash value or even plus a salt. Please see https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

input It looks like you fill the password into a textbox from the server-side. Input type password password is used to protect user input from being seen by someone aside. It's not used to protect hide the value from the server. If you want users to input a password, you don't need to set a value for a password field.

Besides, if you can set a password into a textbox, that implies you store a password in plain text which is a security weakness. see CWE-256: Plaintext Storage of a Passwordhttps://cwe.mitre.org/data/definitions/256.html#:~:text=Storing%20a%20plaintext%20password%20in,immediately%20after%20it%20is%20used. It's not a recommended practice.

It's better to store a password in its hash value or even plus a salt. Please see https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

It looks like you fill the password into a textbox from the server-side. Input type password is used to protect user input from being seen by someone aside. It's not used to hide the value from the server. If you want users to input a password, you don't need to set a value for a password field.field. What feature do you plan to implement?

Besides, if you can set a password into a textbox, that implies you store a password in plain text which is a security weakness. see CWE-256: Plaintext Storage of a Password It's not a recommended practice.

It's better to store a password in its hash value or even plus a salt. Please see https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More