I’m creating a walkup create account page for our website. I’ve always cleared out the default value="" for a type="password" input out of paranoia, after a user has submitted a form, even if the two passwords match and are valid. I started to think on this after our designer asked me if there was any real point to doing that. I can certainly echo the passwords into the value="" field after submit, if they are not the offending validation failure, but are there vulnerabilities associated with this approach? We’re defaulting to https on this particular page. I know that you could do an html rewrite to change the input type such that you are echo’ing into a non-masked input, but that seems like it could only affect the user locally.
Example form:
<input type="text" name="username" value="<?php echo $username; ?>">
<input type="password" name="password1" value="">
<input type="password" name="password2" value="">
On submit, check if the username looks like a proper email, the passwords match, and the passwords beat our minimal requirements. If the email offends, but the passwords don’t, could I add…
<input type="password" name="password1" value="<?php echo $password1; ?>">
<input type="password" name="password2" value="<?php echo $password2; ?>">
… and be worry free? And no, I’m not using register globals. I pull them out of $_POST manually and do sanitization first.
Josh
I guess you should not do it, as a colleague could steal your password by going to the profile page and doing a view source.
You probably should not be able to implement this functionality if your passwords are scrambled using a secure hash, as that is a one-way operation and you are unable to get the original password back.
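The handling discussed in this thread, as an added example that is not code from either poster: validation re-renders the form with the username HTML-escaped and the password values always empty, and only a one-way hash is produced on success. The function names, the `MIN_LENGTH` value and the sample submission are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. MIN_LENGTH and the function names are assumptions.
const MIN_LENGTH = 12; // assumed minimum requirement; the thread does not state one

function validate_signup(array $post): array
{
    $username  = trim((string)($post['username'] ?? ''));
    $password1 = (string)($post['password1'] ?? '');
    $password2 = (string)($post['password2'] ?? '');

    $errors = [];
    if (filter_var($username, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Username must be a valid email address.';
    }
    if ($password1 !== $password2) {
        $errors[] = 'Passwords do not match.';
    } elseif (strlen($password1) < MIN_LENGTH) {
        $errors[] = 'Password is too short.';
    }

    // Only a one-way hash leaves this function, and only when validation passes.
    $hash = $errors ? null : password_hash($password1, PASSWORD_DEFAULT);
    return ['username' => $username, 'errors' => $errors, 'hash' => $hash];
}

function render_form(string $username, array $errors): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '';
    foreach ($errors as $msg) {
        $html .= '<p class="error">' . $e($msg) . "</p>\n";
    }
    // The username is echoed back HTML-escaped; password values are always empty,
    // so the plaintext never appears in the response body or in "view source".
    return $html
        . '<form method="post">' . "\n"
        . '<input type="text" name="username" value="' . $e($username) . '">' . "\n"
        . '<input type="password" name="password1" value="">' . "\n"
        . '<input type="password" name="password2" value="">' . "\n"
        . '<input type="submit" value="Create account">' . "\n"
        . "</form>\n";
}

// Constructed sample submission: invalid email, matching passwords that pass the length check.
$post = ['username' => 'user-at-example', 'password1' => 'correct horse battery', 'password2' => 'correct horse battery'];
$result = validate_signup($post);
echo $result['hash'] === null ? render_form($result['username'], $result['errors']) : "account created\n";
```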