I wanted to ask why Rails’ password_field helper uses the input password
as default value when reloading a form because of errors? Isn’t this a
potential security leak? On any other websites I’ve seen so far the password
fields have to be filled in again after every reload of the site so the
password doesn’t exist in plain text in the html code…
Questionable whether this should be a framework thing or controlled by the
programmer. I think I would rather have control over it than have it imposed
on me. Better yet, maybe a password field could recognize a :reset_on_error
attribute or something similar.
For reference, the Struts tag html:password has an attribute called
“redisplay” that defaults to true. Makes it easy for the developer to
decide how he wants the field to behave, and seemed like a pretty
simple solution.
– James
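The behaviour discussed in this thread, as an added example that is not code from any of the posts, from Rails or from Struts: a stand-alone Ruby sketch of a password input with a `redisplay` switch, rendered both ways so the difference in the resulting HTML can be checked. The helper names, the `redisplay:` option (named after the Struts attribute mentioned above) and the sample parameters are assumptions made for illustration.

```ruby
require "erb"

# Hypothetical stand-alone helper (not Rails' password_field): renders a
# password input and echoes the submitted value only when redisplay is true.
def render_password_field(name, submitted, redisplay: false)
  attrs = { "type" => "password", "name" => name }
  # Only put the submitted secret back into the markup when explicitly asked to.
  attrs["value"] = submitted if redisplay && submitted && !submitted.empty?
  pairs = attrs.map { |k, v| %(#{k}="#{ERB::Util.html_escape(v)}") }
  "<input #{pairs.join(' ')} />"
end

# Re-renders a sign-up form after a validation error (constructed scenario).
def rerender_signup(params, redisplay:)
  <<~HTML
    <form method="post" action="/signup">
      <input type="text" name="login" value="#{ERB::Util.html_escape(params["login"])}" />
      #{render_password_field("password", params["password"], redisplay: redisplay)}
    </form>
  HTML
end

# True when the (HTML-escaped) password appears anywhere in the page source.
def leaks_password?(html, password)
  html.include?(ERB::Util.html_escape(password))
end

# Constructed sample input: empty login triggers the error, password is arbitrary.
SAMPLE_PARAMS = { "login" => "", "password" => %q(s3cr3t"<pw>) }.freeze

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |flag|
    html = rerender_signup(SAMPLE_PARAMS, redisplay: flag)
    present = leaks_password?(html, SAMPLE_PARAMS["password"])
    puts "redisplay=#{flag}: password present in HTML source? #{present}"
  end
end
```

With `redisplay: true` the password sits in the response body, so it also reaches anything that stores or inspects that body (browser cache, proxies, view-source); with `redisplay: false` the user retypes it after each failed submit.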