webtier@glassfish.java.net

Re: [webtier] [JSF] intializing inputSecret field with a bean value

From: Pascal Maugeri <pascal.maugeri_at_gmail.com>
Date: Wed, 14 Oct 2009 16:02:07 +0200

Good point !

I believe the proper way is to have in the edit page a button to reset the
existing password, otherwise it keeps unchanged.

Thanks a lot for your comments, I really appreciate
-pascal

On Wed, Oct 14, 2009 at 3:54 PM, <lincolnbaxter_at_gmail.com> wrote:

> Also. The fact that you can redisplay the password at all makes me wonder
> if you're hashing the passwords in th DB. If you're not, that's another
> security risk. Just a thought :)
>
> Sent from my Verizon Wireless BlackBerry
> ------------------------------
> *From: * Pascal Maugeri <pascal.maugeri_at_gmail.com>
> *Date: *Wed, 14 Oct 2009 15:03:29 +0200
> *To: *<webtier_at_glassfish.dev.java.net>
> *Subject: *Re: [webtier] [JSF] intializing inputSecret field with a bean
> value
>
> Thanks for your answer. So I will make use of a "clear text" input field
> for the password when one edits a user profile.
>
> Thanks for your answer.
> Pascal
>
> PS: what is a "belware issue" ? I've never heard this before
>
> On Wed, Oct 14, 2009 at 2:53 PM, <lincolnbaxter_at_gmail.com> wrote:
>
>> This is a belware issue. Browsers do not allow re-populating the password
>> input type. Same with file upload boxes.
>>
>> Otherwise you could easily hack peoples computers.
>>
>> -Lincoln
>> http://ocpsoft.com
>>
>> Sent from my Verizon Wireless BlackBerry
>> ------------------------------
>> *From: * Pascal Maugeri <pascal.maugeri_at_gmail.com>
>> *Date: *Wed, 14 Oct 2009 13:09:00 +0200
>> *To: *<webtier_at_glassfish.dev.java.net>
>> *Subject: *[webtier] [JSF] intializing inputSecret field with a bean
>> value
>>
>> Hi
>>
>> (Let me know if the following is not appropriate to this mailing-list).
>>
>> I don't manage to have an inputSecret field initialized with a bean value.
>>
>> For instance the following does work (the field shows the existing
>> password):
>>
>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
>> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
>> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>>
>> [...]
>>
>> <h:inputText value="#{userBean.password}" required="true"
>> >
>> <f:validator validatorId="UserPasswordValidator"/>
>> </h:inputText>
>>
>> but replacing inputText with inputSecret, the field is not initialized
>> with the bean attribute value:
>>
>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
>> <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
>> <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
>>
>> [...]
>>
>> <h:inputSecret value="#{userBean.password}"
>> required="true" >
>> <f:validator validatorId="UserPasswordValidator"/>
>> </h:inputSecret>
>>
>> Is there any limitation with inputSecret field that prevents an
>> initialization ?
>>
>> Regards,
>> Pascal
>>
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.