-1

User control (ascx) with a password input. Right-click, inspect - the value is visible. This doesn't happen if the password input is in an aspx.

Hmm, it seems I have to add some ramblings here, since the platform won't allow me to post this thread due to "mostly code".

Default.aspx

<%@ Page Language="C#" %>

<%@ Register Src="UserPassword.ascx" TagName="UserPass" TagPrefix="uc" %>

<script runat="server">

   protected void Page_Load( object sender, EventArgs e )
   {
      if ( !X.IsAjaxRequest )
      {
         this.BindUser();
      }
   }

   public void BindUser()
   {
      userPass1.UserName = "AliBaba";
      userPass1.Password = "OpenSesame";
   }
</script>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
   <title>Password inspect bug</title>
</head>
<body>
   <form id="form1" runat="server">
      <ext:ResourceManager runat="server" />

      <ext:Window
         ID="Window1"
         runat="server"
         Icon="User"
         Closable="false"
         Title="Customer Details"
         Width="350"
         Height="230"
         Resizable="false"
         BodyStyle="background-color:#fff;"
         BodyPadding="5"
         Layout="Anchor">
         <Items>
            <ext:Panel ID="panel1" runat="server" Header="false" Layout="FitLayout">
               <Content>
                  <uc:UserPass ID="userPass1" runat="server"></uc:UserPass>
               </Content>
            </ext:Panel>
         </Items>
      </ext:Window>
   </form>
</body>
</html>

UserPassword.ascx

<%@ Control Language="C#" %>

<script runat="server">
   public string UserName
   {
      get { return this.txtUser.Text; }
      set { this.txtUser.Text = value; }
   }

   public string Password
   {
      get { return this.txtPassword.Text; }
      set { this.txtPassword.Text = value; }
   }
</script>

<ext:Panel ID="panel1" runat="server" BodyPadding="5" Layout="AnchorLayout">
   <Items>
      <ext:Panel ID="panel2" runat="server" Border="false" Header="false" AnchorHorizontal="100%" Layout="FormLayout">
         <Items>
            <ext:TextField ID="txtUser" runat="server" FieldLabel="User" />
            <ext:TextField ID="txtPassword" runat="server" FieldLabel="Password" InputType="Password" />
         </Items>
      </ext:Panel>
   </Items>
</ext:Panel>

Are there any known workarounds?

Edgar
  • 473
  • 1
  • 5
  • 19

1 Answers1

0

Short answer: Use this.txtPassword.setValue(value) not this.txtPassword.Text = value to fix your direct problem.

Long answer: Why you are setting the password from the server? Best practice states that passwords are stored as hashes on the server so you don't actually know a users real password, you are just comparing two hashes.

public string Password
{
   get { return this.txtPassword.Text; }
   set { this.txtPassword.Text = value; }
}

If you want to autofill a password, which i assume you do, you need to use a cookie. 

if (Request.Cookies["username"] != null)
{
     this.txtUsername.setValue(Request.Cookies["uid"].Value);
     this.txtPassword.setValue(Request.Cookies["pwd"].Value);
}
Juls
  • 658
  • 6
  • 15
  • I must work with what I have - it the powers that be decided they need the password in the DB, what more can I do? I've been told to use a dummy password in the GUI to fix this issue. – Edgar Jul 20 '18 at 10:25