Is there any secure way of setting value to textbox in password mode? I have a custom login form with a password textbox:
\[code\]<asp:TextBox ID="tbPassword" runat="server" TextMode="Password"></asp:TextBox>\[/code\]
and on page load, I'd like to put there some remembered password I've decrypted in code-behind from a cookie. 95% of answers I've found is to set the textbox value, like:
\[code\]tbPassword.Attributes["value"] = "ThePassword";\[/code\] However, it's not the most secure way, as it generates following HTML code, visible when view source, where password is stored in a plain text:\[code\]<input id="tbPassword" type="password" value="http://stackoverflow.com/questions/12623391/ThePassword" name="ctl00$cpMainContentParent$tbPassword">\[/code\]I've tried different way with jQuery, setting value with: \[code\]$("#tbLogin").val("ThePassword");\[/code\]It is much better, as the value is not visible in View Source, yet the password is visible in jQuery script on a page... I've also tried to register client script and run it, but as I cannot "unregister" it, so result is the same as with the plain jQuery sript...Do you know any workaround to set that value and not show it in source code?
\[code\]<asp:TextBox ID="tbPassword" runat="server" TextMode="Password"></asp:TextBox>\[/code\]
and on page load, I'd like to put there some remembered password I've decrypted in code-behind from a cookie. 95% of answers I've found is to set the textbox value, like:
\[code\]tbPassword.Attributes["value"] = "ThePassword";\[/code\] However, it's not the most secure way, as it generates following HTML code, visible when view source, where password is stored in a plain text:\[code\]<input id="tbPassword" type="password" value="http://stackoverflow.com/questions/12623391/ThePassword" name="ctl00$cpMainContentParent$tbPassword">\[/code\]I've tried different way with jQuery, setting value with: \[code\]$("#tbLogin").val("ThePassword");\[/code\]It is much better, as the value is not visible in View Source, yet the password is visible in jQuery script on a page... I've also tried to register client script and run it, but as I cannot "unregister" it, so result is the same as with the plain jQuery sript...Do you know any workaround to set that value and not show it in source code?