A minor niggle, but some times you want a web form that has passwords.
The classic solution is type=password and send the password as the value. This works, and if the page is all https, then why not, it is secure. It also offers to save the password (something that is really hard to disable these days, and there are reasons to want to do that!).
But what if not https, for, reasons*?
Sending a password is not ideal - but if not https, sending one back is also in the clear, but if the threat is purely snooping then it is not too daft to minimised sending it when not needing changing. You minimised the window of capturing it. You also stop someone simply requesting the page to see it, even if they are able to change it.
So a simple fix is to have a rouge value password you use to mean no change such as ********. You can send this and if a returned value is not that then it means a new password has been set.
It bugs me slightly, as it means you cannot have a password of ********.
- Only send when password set, as always useful to be clear if a password is set or not.
- Why not use something more esoteric, such as ✶✶✶✶✶✶✶✶ (unicode 6 pointed stars). Passwords should allow unicode stuff, obviously.
- Allow setting the password to the rogue value if not currently set, meaning you sent blank and not the rouge value, so the rouge value coming back means someone set it. This means the only limitation is changing from one password to the rouge value without unsetting it first - not a biggie (if documented).
* such as local control to a microcontroller that has limited capability to do https and limited capability to handle certificates. A problem we would all like to solve cleanly.
** And yes, I mean for those occasions where one cannot store a hash! They exist! WiFi passwords for one. But even when a hash, you need a way to know someone is trying to change the password, and this works for that too.