You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Dan Adams <da...@ifactory.com> on 2008/05/23 14:34:03 UTC
Use of passwordfield?
To ask a dumb question: what's the use of the passwordfield component since it doesn't output a value? I have a 'edit user' page where you have password and 'confirm password' fields. When you submit the form it resets the value to empty if you don't enter anything.
Dan Adams
Senior Software Engineer
Interactive Factory
p: 617.235.5857
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Use of passwordfield?
Posted by Josh Canfield <jo...@thedailytube.com>.
> That's an interesting idea; the current value could, in fact, be
> stored into form data (that's "relatively" secure).
I could be wrong, but isn't the"form data" you are talking about
stored in a hidden field on the page? That kind of talk could get
Tapestry5 banned from my day job! It's hard enough to get new stuff
through a security review when they have to look hard for holes :)
> Alternately, the
> password field could be changed to only update its value parameter if
> the submitted value is non-blank (that's probably more useful).
And also more likely to get through a security review.
Josh
On Fri, May 23, 2008 at 8:51 AM, Howard Lewis Ship <hl...@gmail.com> wrote:
> That's an interesting idea; the current value could, in fact, be
> stored into form data (that's "relatively" secure). Alternately, the
> password field could be changed to only update its value parameter if
> the submitted value is non-blank (that's probably more useful).
>
> On Fri, May 23, 2008 at 8:09 AM, Dan Adams <da...@ifactory.com> wrote:
>> Yeah, that was my question. Do you have to create a separate field outside your bean and then update manually if it hasn't changed? Or is there a way that the field could be smart enough to store the value in the session or something and then update the bean value only when the user enters one.
>>
>> Dan Adams
>> Senior Software Engineer
>> Interactive Factory
>> p: 617.235.5857
>>
>> ----- Original Message -----
>> From: "Joachim Van der Auwera" <jo...@progs.be>
>> To: "Tapestry users" <us...@tapestry.apache.org>
>> Sent: Friday, May 23, 2008 8:57:30 AM (GMT-0500) America/New_York
>> Subject: Re: Use of passwordfield?
>>
>> Dan,
>>
>> This component does not display the previous value if there is one and
>> hides the input. This is important as view source would otherwise reveal
>> the passwords.
>>
>> The only thing you need to be careful about is that it will update your
>> password field in the bean to null when no new value was given by the
>> user. You probably don't want passwords to be reset like that.
>>
>> Kind regards,
>> Joachim
>>
>> Dan Adams wrote:
>>> To ask a dumb question: what's the use of the passwordfield component since it doesn't output a value? I have a 'edit user' page where you have password and 'confirm password' fields. When you submit the form it resets the value to empty if you don't enter anything.
>>>
>>> Dan Adams
>>> Senior Software Engineer
>>> Interactive Factory
>>> p: 617.235.5857
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>>
>>
>>
>> --
>> Joachim Van der Auwera
>> PROGS bvba, progs.be
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
>
>
> --
> Howard M. Lewis Ship
>
> Creator Apache Tapestry and Apache HiveMind
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
--
TheDailyTube.com. Sign up and get the best new videos on the internet
delivered fresh to your inbox.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Use of passwordfield?
Posted by Howard Lewis Ship <hl...@gmail.com>.
That's an interesting idea; the current value could, in fact, be
stored into form data (that's "relatively" secure). Alternately, the
password field could be changed to only update its value parameter if
the submitted value is non-blank (that's probably more useful).
On Fri, May 23, 2008 at 8:09 AM, Dan Adams <da...@ifactory.com> wrote:
> Yeah, that was my question. Do you have to create a separate field outside your bean and then update manually if it hasn't changed? Or is there a way that the field could be smart enough to store the value in the session or something and then update the bean value only when the user enters one.
>
> Dan Adams
> Senior Software Engineer
> Interactive Factory
> p: 617.235.5857
>
> ----- Original Message -----
> From: "Joachim Van der Auwera" <jo...@progs.be>
> To: "Tapestry users" <us...@tapestry.apache.org>
> Sent: Friday, May 23, 2008 8:57:30 AM (GMT-0500) America/New_York
> Subject: Re: Use of passwordfield?
>
> Dan,
>
> This component does not display the previous value if there is one and
> hides the input. This is important as view source would otherwise reveal
> the passwords.
>
> The only thing you need to be careful about is that it will update your
> password field in the bean to null when no new value was given by the
> user. You probably don't want passwords to be reset like that.
>
> Kind regards,
> Joachim
>
> Dan Adams wrote:
>> To ask a dumb question: what's the use of the passwordfield component since it doesn't output a value? I have a 'edit user' page where you have password and 'confirm password' fields. When you submit the form it resets the value to empty if you don't enter anything.
>>
>> Dan Adams
>> Senior Software Engineer
>> Interactive Factory
>> p: 617.235.5857
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>
>
> --
> Joachim Van der Auwera
> PROGS bvba, progs.be
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Howard M. Lewis Ship
Creator Apache Tapestry and Apache HiveMind
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Use of passwordfield?
Posted by Massimo Lusetti <ml...@gmail.com>.
On Fri, May 23, 2008 at 5:20 PM, Joachim Van der Auwera
<jo...@progs.be> wrote:
> In my beans, on the password field I just do something like
>
> public void setPassword( String value )
> {
> if ( null != value && !"".equals( value ) ) password = value;
> }
I've used this same technique in the past, now if i need to modify a
user i create a model which exclude the password field and then have a
specific page/form with the sole purpose of changing passwords.
I found updating profiles and changing password two different action
(and meaning) even if the update the same entity. Even if the action
is taken by a super-user (administrator)
--
Massimo
http://meridio.blogspot.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Use of passwordfield?
Posted by Joachim Van der Auwera <jo...@progs.be>.
In my beans, on the password field I just do something like
public void setPassword( String value )
{
if ( null != value && !"".equals( value ) ) password = value;
}
Kind regards,
Joachim
Dan Adams wrote:
> Yeah, that was my question. Do you have to create a separate field outside your bean and then update manually if it hasn't changed? Or is there a way that the field could be smart enough to store the value in the session or something and then update the bean value only when the user enters one.
>
> Dan Adams
> Senior Software Engineer
> Interactive Factory
> p: 617.235.5857
>
> ----- Original Message -----
> From: "Joachim Van der Auwera" <jo...@progs.be>
> To: "Tapestry users" <us...@tapestry.apache.org>
> Sent: Friday, May 23, 2008 8:57:30 AM (GMT-0500) America/New_York
> Subject: Re: Use of passwordfield?
>
> Dan,
>
> This component does not display the previous value if there is one and
> hides the input. This is important as view source would otherwise reveal
> the passwords.
>
> The only thing you need to be careful about is that it will update your
> password field in the bean to null when no new value was given by the
> user. You probably don't want passwords to be reset like that.
>
> Kind regards,
> Joachim
>
> Dan Adams wrote:
>
>> To ask a dumb question: what's the use of the passwordfield component since it doesn't output a value? I have a 'edit user' page where you have password and 'confirm password' fields. When you submit the form it resets the value to empty if you don't enter anything.
>>
>> Dan Adams
>> Senior Software Engineer
>> Interactive Factory
>> p: 617.235.5857
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>>
>
>
>
--
Joachim Van der Auwera
PROGS bvba, progs.be
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Use of passwordfield?
Posted by Dan Adams <da...@ifactory.com>.
Yeah, that was my question. Do you have to create a separate field outside your bean and then update manually if it hasn't changed? Or is there a way that the field could be smart enough to store the value in the session or something and then update the bean value only when the user enters one.
Dan Adams
Senior Software Engineer
Interactive Factory
p: 617.235.5857
----- Original Message -----
From: "Joachim Van der Auwera" <jo...@progs.be>
To: "Tapestry users" <us...@tapestry.apache.org>
Sent: Friday, May 23, 2008 8:57:30 AM (GMT-0500) America/New_York
Subject: Re: Use of passwordfield?
Dan,
This component does not display the previous value if there is one and
hides the input. This is important as view source would otherwise reveal
the passwords.
The only thing you need to be careful about is that it will update your
password field in the bean to null when no new value was given by the
user. You probably don't want passwords to be reset like that.
Kind regards,
Joachim
Dan Adams wrote:
> To ask a dumb question: what's the use of the passwordfield component since it doesn't output a value? I have a 'edit user' page where you have password and 'confirm password' fields. When you submit the form it resets the value to empty if you don't enter anything.
>
> Dan Adams
> Senior Software Engineer
> Interactive Factory
> p: 617.235.5857
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
Joachim Van der Auwera
PROGS bvba, progs.be
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Use of passwordfield?
Posted by Joachim Van der Auwera <jo...@progs.be>.
Dan,
This component does not display the previous value if there is one and
hides the input. This is important as view source would otherwise reveal
the passwords.
The only thing you need to be careful about is that it will update your
password field in the bean to null when no new value was given by the
user. You probably don't want passwords to be reset like that.
Kind regards,
Joachim
Dan Adams wrote:
> To ask a dumb question: what's the use of the passwordfield component since it doesn't output a value? I have a 'edit user' page where you have password and 'confirm password' fields. When you submit the form it resets the value to empty if you don't enter anything.
>
> Dan Adams
> Senior Software Engineer
> Interactive Factory
> p: 617.235.5857
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
Joachim Van der Auwera
PROGS bvba, progs.be
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org