|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Password fields "revealing" problemHas anyone noticed that even the .NET 2.0 windows forms (not sure ASP)
password field is vulnerable to the "password revealing" problem? To be clear, I refer to the fact that it is easy to run a free program that simply takes the field showing the asterisks, and showing you the password behind it. If Microsoft solved this problem in their own applications, why didn't they solve it for this commonly used control? Any tips on best workarounds? thanks Hi,
simply don't fill the password fields - after someone entered something, immediately clear them and fill them with placeholder characters. dominick Show quoteHide quote > Has anyone noticed that even the .NET 2.0 windows forms (not sure ASP) > password field is vulnerable to the "password revealing" problem? To > be clear, I refer to the fact that it is easy to run a free program > that simply takes the field showing the asterisks, and showing you the > password behind it. > > If Microsoft solved this problem in their own applications, why didn't > they solve it for this commonly used control? > > Any tips on best workarounds? > > thanks > 
Other interesting topics
Have a NTAccount, need FileSystem permissions
Machine hops - Basic Authentication Another StrongNameIdentityPermission/LinkDemand question security warning in self signed certificate Assigning Strong Name to COM dlls Access Private Key File From X509 Certificate Can SslStream be set to ignore invalid certificates? IIS 5.1 security Client Certifcate Info in Web Service HttpWebRequest Fails When Run as Non-Admin Account On Vista |
|||||||||||||||||||||||
