What is this witch craft?
How does a textbox type password know the length of the password for each user without it being bound?
I stumbled across this phenomena for the first time today and an amazed and puzzled as to what is happeneing?
I have tried to elimate user error by creating a stand alone page just to test this. Basic page structure aside this is all the code on the page.
ASP.NET
<asp:TextBox ID="txtUsername" runat="server" />
<asp:TextBox ID="txtPassword" runat="server" TextMode="Password"/>
VB.NET
Using con As New SqlConnection
con.ConnectionString = ConfigurationManager.ConnectionStrings("Con").ConnectionString
Using cmd As New SqlCommand("TM.sp", con)
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.Add("@UserID", SqlDbType.Int).Value = Request.QueryString("UserID")
con.Open()
Using sdr As SqlDataReader = cmd.ExecuteReader()
While sdr.Read()
txtUsername.Text = sdr("Username")
End While
End Using
End Using
End Using
In every instance the txtPassword Textbox is populated with the correct length password in the hidden type="password" format.
Nowhere am I binding the password nor is it requested in the stored procedure however it is stored in the database along with the username
If I change Textmode on the password textbox or do not output the username field then the password is no longer output.
Can someone explain this behaviour and point to the related spec?
