Well the standard approach would be something like this:
Enter Old Password:
*******
Enter New Password:
*******
Confirm New Password:
*******
You would normally never want to display their password on the screen if it
can be avoided.
If they forget their password you can email it to them and/or generate a new
password for them.
Secret Question & Answer pairs are an alternate way to authenticate someone
if they forget their password.
Of course the subject of security is deep. There are entire books written
on the subject.
Here's more info for you:
http://msdn.microsoft.com/library/de...SecNetch03.asp
--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
Hire top-notch developers at
http://www.able-consulting.com
"Jonathan Dienst" <anonymous@discussions.microsoft.com> wrote in message
news:025901c3ad38$cd43eae0$a101280a@phx.gbl...[color=blue]
> Thanks Steve - that sorted the problem out.
>
> This particular app is designed to run over an intranet
> and does not contain any really sensitive information, so
> the security requirements are modest.
>
> In those cases where the security requirements are more
> sever, what is the recommended way of allowing the users
> to modify their passwords for a web app?
>
> Regards
> Jonathan Dienst
>[color=green]
> >-----Original Message-----
> >Sending the password in plain text to the browser is a[/color]
> bad idea from a[color=green]
> >security standpoint so the default security settings[/color]
> discourage it.[color=green]
> >(Anybody can do a view source for the page
> >and see the password)
> >
> >However there is a workaround. You must set the[/color]
> password text via[color=green]
> >clientside script.
> >Here's the simplest example I've seen:
> >
> >MyPWTextBox.Attributes.Add("value", strPassword)
> >
> >This server side code outputs the needed client side code
> >
> >--
> >I hope this helps,
> >Steve C. Orr, MCSD, MVP
> >
http://Steve.Orr.net
> >Hire top-notch developers at
http://www.able-[/color]
> consulting.com[color=green]
> >
> >
> >
> >"Jonathan Dienst" <anonymous@discussions.microsoft.com>[/color]
> wrote in message[color=green]
> >news:03ea01c3ac61$8b27ea80$a001280a@phx.gbl...[color=darkred]
> >> I have a simple data access and administration page for
> >> user details on my site, including a login password --
> >> but I cannot get the textbox to work properly if the
> >> TextMode is set to "Password".
> >>
> >> The user details are modified in making a hidden table
> >> with textboxes visible -- in response an edit command
> >> from the datagrid. One of the textboxes is used for the
> >> user's password. If this textbox has the attribute
> >> TextMode="SingleLine" (ie the default) in the HTML,
> >> everything works fine.
> >>
> >> If I change the HTML to say TextMode="Password", the
> >> textbox comes up blank when modifying the record, even
> >> though debugging the code behind confirms that the
> >> password was successfully retrieved and entered into[/color][/color]
> the[color=green][color=darkred]
> >> textbox's Text property.
> >>
> >> What gives?[/color]
> >
> >
> >.
> >[/color][/color]
