I have an HTML form
<form method="post" action="URL">
<input type ="text" name="u">
<input type="password" name = "pass"></form>
When I do a form submit, all works fine, but I can see the password in the server logs.Question how does one block the password seen on the logs
I found that the password is being logged in central, corrected it
Related
When I fill out my signup form, I enter a username, then click "Suggest strong Password" for the password box.
The username doesn't show in this box. How can I force it to? Here are my username and password fields.
<form action="#" method="post">
Username: <input type="text" name="uname" id="uname" value="" placeholder="" required="" autocomplete="username"><br><br>
Password: <input type="password" name="uPass" id="uPass" required="" autocomplete="new-password"><br><br>
Confirm: <input type="password" name="uPass_2" id="uPass_2" required="" autocomplete="new-password"><br><br>
<button type="submit">
Create
</button>
</form>
Below is a JS Fiddle, SO's code playground wouldn't even give me a password list. I guess it's a difference in how they render the page.
First, here's how to reproduce the issue:
Enter a username, say "stack".
Click the first password field, click "suggest strong password." Nothing will happen because it's the first time you're saving a password to that username.
Rerun the fiddle, enter the same username, click "suggest strong password." again. This time, you'll get the popup because you're actually updating the password.
JSFiddle: https://jsfiddle.net/gn1qzwyu/
The password along with username is normally saved and updated on a redirect. In that case the username is picked up correctly. However, in case of "suggest password" the password is actually remembered in advance, during this action, not during redirect. Because of your fiddle does not provide correct redirect, after first "suggest password" attempt, credentials are saved as a password with "no username".
This "no username" is the reason for immediate pop-up during second "suggest password" attempt because Chrome can't decide which username is correct - "no username" or that one you filled up in the form. Note that second, "correct one" is pickable in the "Username" field too - its triangle is visible on your screenshot. The reason for immediate pop-up is the same as it was for first attempt - Chrome wants to save suggested password in advance and does not wait a redirect. The reason why Chrome remembers suggested password right away and doesn't remember username in the same moment is that suggested password is trusted upon form submission but the username is not.
It seems like Edge and Firefox have the same behavior.
Solution for productive sites: implicitly provide correct redirect (or substitutive actions). Solution for users: delete saved credentials with blank username for that sites where a username should exist.
I have this strange bug on Firefox, not Chrome (both updated).
On the login page of my website, the fields are :
<div class="input text required">
<label for="ArchUtilisateurUsername">Identifiant :</label>
<input name="data[ArchUtilisateur][username]" id="ArchUtilisateurUsername" type="text">
</div>
<div class="input password">
<label for="ArchUtilisateurPassword">Mot de passe :</label>
<input name="data[ArchUtilisateur][password]" id="ArchUtilisateurPassword" type="password">
</div>
Then on another page, I have a form to create "readers" accounts, which are different than users accounts. It uses read ID and password as login informations, but in this form, both aren't next to each others.
So I have this :
<div class="group-content">
<div id="DivFieldLecteurFormCompteActif" class="input checkbox ">
<input name="data[LecteurForm][compte_actif]" value="" type="hidden">
<input name="data[LecteurForm][compte_actif]" id="FieldLecteurFormCompteActif" value="1" type="checkbox">
<label for="FieldLecteurFormCompteActif">Compte actif</label>
</div>
<div id="DivFieldLecteurFormPassword" class="input password ">
<label for="FieldLecteurFormPassword">Mot de passe</label>
<input name="data[LecteurForm][password]" id="FieldLecteurFormPassword" autocomplete="off" type="password">
</div>
<div id="DivFieldLecteurFormPasswordConfirm" class="input password ">
<label for="FieldLecteurFormPasswordConfirm">Confirmation</label>
<input name="data[LecteurForm][password_confirm]" id="FieldLecteurFormPasswordConfirm" autocomplete="off" type="password">
</div>
</div>
The strange problem is, if a user validates the Firefox's "save my login datas" popup when he logs in the website, when he opens the "reader" form,
the "password" field is filled with the user's password
the first previous text input field to the password field is filled with the user's username
Starting to the password field : if the previous one is a checkbox, select, radio, it's ignored and go further. If I remove the input field with the username from my source, when I reload the page it's the next previous input field that get the username.
All seems to be linked to the password field :
Login form and Reader form have different password field names, but it's still doing this
If I delete this password field in the code, after reloading the "password confirm" field is filled with the user password
If I delete both, the user password appear nowhere, so do the username.
If I change the password field type from "password" to "text" and reload, the password doesn't appear in this field but in "confirm password". And no longer appear (nor the username) if I do this to both.
The last point seems to confirm that (in my case at least), when Firefox has a saved username/password for a website, it tries to fill the infos to the first password-type field he finds, then fills the first previous text-type field.
As you can see in the code, it does this even if I put an autocomplete="off" on the field.
So Firefox auto-filled the wrong form, which even have different field names (and differents fields id), with saved login informations. Is it a known-behavior ? is there a way to prevent it (as the autocomplete doesn't seems to do the job) ?
Just to prevent another answer, I removed multiple times all datas from Firefox's password manager, it's not about old stored fields names.
Finally, I found a working answer here : https://stackoverflow.com/a/29852908/1459054
While searching, this "bug"... sorry, "feature", exists for more than 10 years in Firefox, I saw multiple bugs reports about this tagged "WONTFIX" because it's the expected behavior ("Password manager shouldn't rely on field names") that makes the login informations popin anywhere it can fit, and because "it doesn't concern many users, so its not important to fix".
I am using xampp in order to run a server on my computer. I want to setup a simple hotspot with Microsoft miniport adapter, but when people type anything, it redirects them to a page where they enter the password and after that, they can connect to the internet, otherwise they only get redirected to my page.
I will ask for there first name also but I need everything to be read as text and recorded as text (no encryption) so I can easily read who is connected and when.
I intend to use this simple HTML script, but after that I have no idea what the form handler should be and how to record the information as text.
<form action="/action_page.php">
First name:<br>
<input type="text" name="firstname" value="Mickey"><br>
Password:<br>
<input type="text" name="password" value="Mouse"><br><br>
<input type="submit" value="Submit">
</form>
Link to code
I faced an issue recently where Google Chrome offers to save username and password for a login form, but took a different field value than the username-field to store as username.
Does anyone know which criteria are used by chrome to determine the username and password in a login form?
My guess (but cannot find documentation to proof it):
take first text-field as username
take first password field as password
When a website developer creates a login form on their website, they usually add specific HTML tags to the form to identify it as a login form. When a user visits the website and clicks on the form, the browser recognizes the HTML tags and knows that the form is a login form. The browser may then offer to save the user's login information, so that the user doesn't have to enter it every time they visit the website.
Here is an example of a login form with HTML tags:
<form action="/login" method="post">
<label for="username">Username:</label><br>
<input type="text" id="username" name="username"><br>
<label for="password">Password:</label><br>
<input type="password" id="password" name="password"><br><br>
<input type="submit" value="Submit">
</form>
In this example, the form tag specifies that this is a form, and the input tags with the type attribute set to "text" or "password" specify that this is a login form.
I have a password field
<input type="password" name="Password" id="Password" value="PASSWORD" tip="" autocomplete="off">
When I load the page in any other browser I see the password field with the ****** filled in, however, when I load the page in MS Edge the field is blank, and when I submit the form, no value is passed.
Is this a bug, or is there something else I am missing?
If there's more than one field it could be related to this: https://connect.microsoft.com/IE/feedback/details/804869/ie11-multiple-password-fields-on-https-page