You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by "Hudson (JIRA)" <de...@myfaces.apache.org> on 2018/06/14 11:28:00 UTC
[jira] [Commented] (TOBAGO-1904) Password fields shouldn't render
it's value
[ https://issues.apache.org/jira/browse/TOBAGO-1904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16512336#comment-16512336 ]
Hudson commented on TOBAGO-1904:
--------------------------------
SUCCESS: Integrated in Jenkins build Tobago Trunk #1459 (See [https://builds.apache.org/job/Tobago%20Trunk/1459/])
TOBAGO-1904: Password fields shouldn't render it's value (lofwyr: rev 4337c121dc5f5edac42e297fd92edbe35b1e47a7)
* (edit) tobago-core/src/main/java/org/apache/myfaces/tobago/internal/renderkit/renderer/InRenderer.java
* (edit) tobago-example/tobago-example-demo/src/main/webapp/login.xhtml
> Password fields shouldn't render it's value
> -------------------------------------------
>
> Key: TOBAGO-1904
> URL: https://issues.apache.org/jira/browse/TOBAGO-1904
> Project: MyFaces Tobago
> Issue Type: Improvement
> Components: Themes
> Reporter: Udo Schnurpfeil
> Assignee: Udo Schnurpfeil
> Priority: Major
> Fix For: 2.1.2, 3.0.7, 4.3.0
>
>
> Because of security reasons...
> It's not a "high risk", but it will enhance the security. Some web security checker test this behaviour.
> Disadvantage: If you have e.g. a registration form with password field, you have to retype the password (sometime in two fields), when there is some issue with the rest of the form (e.g. didn't fill a required field).
> In such a case the page design might be better, typing the password in an extra step.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)