Jump to content

If user's reg/joining fails, can I refill password field or is this bad?

someguy321

By someguy321
in PHP Coding Help

 Share

Recommended Posts

someguy321 Member

someguy321

Posted
Posted

When users register for the site, it posts the form to an https version of the site. If there's any errors, it'll stay on the https and I show the form with the fields prefilled in with their inputs and the errors shown.

 

My question is: is it safe to also refill the password field?

Anyone here know the answer for sure?

Link to comment
Share on other sites
someguy321 Member

someguy321

Posted
  • Author
Posted

Assuming you are not using https it would be a bad thing because all of that information would be passed a crossed the internet. I always refill the email and username but I always reset the password for the user's security.

Thanks,

Colton Wagner

 

Right, but as I stated, I am using https. So are you saying it's ok then?

Link to comment
Share on other sites
rwwd Member

rwwd

Posted
Posted

Bad with a capital B surely, never retain a user submitted password, this contradicts the 'Secure' aspect of a secure login, that's as bad as 'remembering' a captcha code.

 

This is meant to be security, meaning that bots can't fool a script...

 

Rw

Link to comment
Share on other sites
someguy321 Member

someguy321

Posted
  • Author
Posted

Bad with a capital B surely, never retain a user submitted password, this contradicts the 'Secure' aspect of a secure login, that's as bad as 'remembering' a captcha code.

 

This is meant to be security, meaning that bots can't fool a script...

 

Rw

 

Well if it's bots, there is a limit on 5 attempts within a 15 minute period so I'd assume that would stop bots from constantly reattempting. But are you sure that even if it redirects to https (was started at http) that there's still a risk?

Link to comment
Share on other sites
rwwd Member

rwwd

Posted
Posted

The idea is security, and a password is something that has to be user submitted, not remembered from a previous post.

 

The method you have works fine, and the logic is sound, remember the username by all means, but not the password - exceedingly bad practise really, though it can be done, but definitely NOT recommended.

 

Rw

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.