Yes, I am in support of having a boolean option to select the desired
behavior.
-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 13, 2001 12:36 PM
To: [EMAIL PROTECTED]
Subject: Re: html:password
Maya Muchnik wrote:
> I have seen the similar behavior for edit option. The form
(struts-example) does
> not display "*", but it does not require to re-enter password again
either.
>
This behavior was changed due to concerns about the fact that the old
password would
appear (in the HTML source) when you were on the login page and -- for
example --
mistyped by one character your actual password. A hacker who saw the
incorrect value
is a lot closer to guessing the right one.
Would it make sense to have a boolean option to "have it your way" on this?
Craig
