next up previous contents
Next: Associating labels with text Up: Forms: Facilitating User Input Previous: Text Input

Password

One obvious drawback of the text input is its openness. Suppose you needed to ask for a password. If you use an <INPUT type="text"> tag, anyone sitting next to or behind the user will be able to read what the user types as it appears on the screen. This is Not a Good Thing.

There is a solution to this problem, in the form of a new type of input.

This is the password input:

Try Typing in the field below:

Be warned, however: this 'visual security' is the furthest extent of the security afforded by the password input. There is absolutely no encryption of any kind whatsoever. Information entered into a password input is still sent to the CGI program 'in the clear;' that is, as plain text. This makes it vulnerable to security attacks such as packet sniffing, which are uncommon but not unheard of.

The only way to ensure the safety of information entered into a password field is to send it over a connection to a secure Web server, in which case all of the data entered into the form- not just the password field- is encrypted.


next up previous contents
Next: Associating labels with text Up: Forms: Facilitating User Input Previous: Text Input
dave@cs.cf.ac.uk