>
>> I have a password field in one of my forms. How can I pre-populate that
>> field with a value? I have tried setting the value with
>> $form->password->setValue() but when the form is rendered the password field
>> shows up blank. I know this is the intended behavior for login forms, but
>> the form I am working with now is not a login form. Thanks for the help!
>>
>>
>
> It doesn't matter if it's a login form. You should never pre-populate a
> password field.
>
> You shouldn't even store a password in plaintext; instead you should store a
> one-way hash of the salted password. So therefore you should never be able
> to retrieve the value with which you would pre-populate the password field.
>
> Regards,
> Bill Karwin
>
There are situations where you could not do this; for example where you
write some code that uses another web-api that requires credentials. If
you would allow users on YOUR website to enter their credentials for the
third-party api in a back-end, then this would need to be saved
plaintext. Although it could be argued that trying to imply security by
posting it through a "password" field in a form is dubious.

If you're trying to pre-populate the password field because you're
"losing" the password in the database [because the field in the form is
posted empty]; try to write your code so that an empty 'password' post
(call it remote web-api credential) does not overwrite the existing value.

Regards,
Ramon de la Fuente
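
The approach suggested in the reply above, sketched in plain PHP as an added example (not code from either poster or from Zend Framework). The field names `api_username` and `api_password`, both function names and the sample data are hypothetical.

```php
<?php
// Added example: keep a stored third-party API credential when the
// password field is posted empty. All names here are hypothetical.

/**
 * Merge posted settings into the stored settings.
 * The credential is replaced only when a non-empty value was posted.
 */
function mergeApiSettings(array $stored, array $post): array
{
    $updated = $stored;

    // Ordinary fields are always taken from the post.
    if (isset($post['api_username'])) {
        $updated['api_username'] = trim((string) $post['api_username']);
    }

    // The credential field is rendered blank, so an empty string means
    // "unchanged", not "erase". It is not trimmed: whitespace may be part of it.
    $secret = isset($post['api_password']) ? (string) $post['api_password'] : '';
    if ($secret !== '') {
        $updated['api_password'] = $secret;
    }

    return $updated;
}

/** Values that may be put back into the form: everything except the credential. */
function formDefaults(array $stored): array
{
    $defaults = $stored;
    unset($defaults['api_password']);
    return $defaults;
}

// Constructed sample data.
$stored = ['api_username' => 'shop42', 'api_password' => 'constructed-secret'];

// The user edits only the username; the password field arrives empty.
$afterBlank = mergeApiSettings($stored, ['api_username' => 'shop43', 'api_password' => '']);
var_dump($afterBlank['api_password'] === 'constructed-secret'); // stored value kept

// The user types a new credential: it replaces the old one.
$afterNew = mergeApiSettings($stored, ['api_username' => 'shop43', 'api_password' => 'new-secret']);
var_dump($afterNew['api_password'] === 'new-secret');

// The credential never goes back into the rendered form.
var_dump(array_key_exists('api_password', formDefaults($stored)) === false);
```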