webtier@glassfish.java.net

Re: [webtier] [JSF] intializing inputSecret field with a bean value

From: <lincolnbaxter_at_gmail.com>
Date: Wed, 14 Oct 2009 13:54:06 +0000

Also. The fact that you can redisplay the password at all makes me wonder if you're hashing the passwords in the DB. If you're not, that's another security risk. Just a thought :)

-----Original Message-----
From: Pascal Maugeri <pascal.maugeri_at_gmail.com>
Date: Wed, 14 Oct 2009 15:03:29
To: <webtier_at_glassfish.dev.java.net>
Subject: Re: [webtier] [JSF] intializing inputSecret field with a bean value
Thanks for your answer. So I will make use of a "clear text" input field for
the password when one edits a user profile.

Thanks for your answer.
Pascal

PS: what is a "belware issue" ? I've never heard this before

On Wed, Oct 14, 2009 at 2:53 PM, <lincolnbaxter_at_gmail.com> wrote:

> This is a belware issue. Browsers do not allow re-populating the password
> input type. Same with file upload boxes.
>
> Otherwise you could easily hack people's computers.
>
> -Lincoln
> http://ocpsoft.com
>
> ------------------------------
> *From: * Pascal Maugeri <pascal.maugeri_at_gmail.com>
> *Date: *Wed, 14 Oct 2009 13:09:00 +0200
> *To: *<webtier_at_glassfish.dev.java.net>
> *Subject: *[webtier] [JSF] intializing inputSecret field with a bean value
>
> Hi
>
> (Let me know if the following is not appropriate to this mailing-list).
>
> I don't manage to have an inputSecret field initialized with a bean value.
>
> For instance the following does work (the field shows the existing
> password):
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
> <h:inputText value="#{userBean.password}" required="true" >
> <f:validator validatorId="UserPasswordValidator"/>
> </h:inputText>
>
> but replacing inputText with inputSecret, the field is not initialized with
> the bean attribute value:
>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>
> [...]
>
> <h:inputSecret value="#{userBean.password}" required="true">
> <f:validator validatorId="UserPasswordValidator"/>
> </h:inputSecret>
>
> Is there any limitation with inputSecret field that prevents an
> initialization ?
>
> Regards,
> Pascal
>
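
The hashing suggestion at the top of this thread, sketched as an added example (not code from the thread or from JSF itself): a hypothetical `UserBean` that persists only a salted PBKDF2 hash and treats a blank `h:inputSecret` on the profile edit form as "keep the current password", so nothing ever needs to be redisplayed. The `newPassword` property, the stored string layout, the iteration count and the field being optional on the edit form are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example: hypothetical backing bean, not code from the thread.
public class UserBean {
    private static final int ITERATIONS = 210_000; // assumed work factor
    private String storedHash;  // "iterations:salt:hash" is all that is persisted
    private String newPassword; // bound to h:inputSecret on the edit form
    public String getNewPassword() { return null; } // nothing to pre-fill
    public void setNewPassword(String p) { newPassword = p; }

    // Save action: a blank field means "keep the current password".
    public void save() throws Exception {
        if (newPassword != null && !newPassword.isEmpty()) {
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            Base64.Encoder b64 = Base64.getEncoder();
            storedHash = ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                    + b64.encodeToString(pbkdf2(newPassword, salt, ITERATIONS));
        }
        newPassword = null; // do not keep the plaintext in the bean
    }

    // Login check: recompute with the stored salt, compare in constant time.
    public boolean verify(String candidate) throws Exception {
        String[] p = storedHash.split(":");
        byte[] salt = Base64.getDecoder().decode(p[1]);
        byte[] actual = pbkdf2(candidate, salt, Integer.parseInt(p[0]));
        return MessageDigest.isEqual(Base64.getDecoder().decode(p[2]), actual);
    }

    private static byte[] pbkdf2(String pw, byte[] salt, int iter) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, iter, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        UserBean u = new UserBean();
        u.setNewPassword("constructed-sample-pw"); // constructed sample value
        u.save();
        u.setNewPassword("");                      // profile edit, field left blank
        u.save();
        System.out.println(u.verify("constructed-sample-pw") + " " + u.verify("wrong"));
    }
}
```

On the page, such a bean would be bound as `value="#{userBean.newPassword}"` without `required="true"`, since an empty submission is the normal case when only other profile fields change.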