Industry good practice is to not encode any passwords in a webform; but fill it with a nonce or a fixed string like '***'. As to not let a `view source' reveal a password in the clear needless.
And then detect on save/submit if the user actually filled out anything. If not - the existing password is kept; if there is - the existing password is updated.
Actual behavior
Password in the clear in the form.
Steps to reproduce
Create data source, submit; go to modify/edit; hit `view source'.
Version
all
Installation method
freebsd ports
Expected behavior
Industry good practice is to not encode any passwords in a webform; but fill it with a nonce or a fixed string like '***'. As to not let a `view source' reveal a password in the clear needless.
And then detect on save/submit if the user actually filled out anything. If not - the existing password is kept; if there is - the existing password is updated.
Actual behavior
Password in the clear in the form.
Steps to reproduce
Create data source, submit; go to modify/edit; hit `view source'.
Additional information