Home > Managing Application Security > Understanding Developer Sec... > Understanding Items of Type...
Previous |
Next |
Password items do not emit the text entered to the Web browser screen. When creating items of type password, Oracle recommends using password item types that do not save session state. This prevents the password from being saved in the database in the session state tables.
Available password item types include:
Password - Suppresses text entered into the field. Saves the value in session state when the page is submitted.
Password (submits when Enter pressed) - Suppresses text entered into the field and submits the page when ENTER is pressed.
Password (does not save state) - Suppresses text entered into the field. Does not save the value in session state.
Password (submits when Enter pressed, does not save state) - Suppresses text entered into the filed and submits the page when Enter is pressed. Does not save the value in session state.
The Password and Password (submits when Enter pressed) save the password in a database table when the page is submitted. Use these password item types only when the password is needed in session state for use by other pages during the session.
Password (does not save state) and Password (submits when Enter pressed, does not save state) do not save the password in a database table. Use these password item types when the submitted password value is used only by after-submit page processing on the same page and is never needed again during the session.
If you must reference and retrieve the value of a password in your application then you should set the Store value encrypted in session state attribute to Yes. To learn more, see "About Session State and Security".