假设你有一个糟糕的一天，急于登录到一个喜爱的网站，然后意外地提交您的密码在用户名文本框代替。你应该担心并更改你的网站密码，还是只是毫无根据的恐惧？

今天的问答环节是由SuperUser提供的，SuperUser是Stack Exchange的一个分支，是一个由社区驱动的问答网站分组。

问题

超级用户阅读器agentnega想知道在用户名文本框中键入密码并意外提交密码会有什么危险：

Let’s say I typed my password into the username text box of a frequently-visited website (https of course) and hit enter before I noticed what I was doing.

Is my password now sitting in plain text in a log file somewhere? How could my mistake be exploited by a crafty miscreant? Help me understand the actual security implicati*** regardless of the likelihood of it actually happening.

这真的是一个值得担心的问题吗，或者你能把它看作一个简单的错误而忘记它吗？

答案

超级用户贡献者Nikolay和GregD为我们提供了答案。首先，尼古拉：

It depends on the configuration of the authentication system for the website. If it was setup to log any attempts, then yes, it is now in the log (text file or database) in plain text. It could look like this:

12-Feb-2014 12:00:00 AM: Unsuccessful login attempt user (YOUR_PASSSORD_HERE) from (YOUR_IP_HERE);

or similar.

It is still true that a password will not be accessible for regular users, only for those who have access to log files.

What c***equences does it imply?

• If the server was ever compromised, then theoretically, the hacker would have your plain text password.
• The website’s administrator could routinely go through the log files and accidentally find your password. He can then find the IP address this record came from, and thus he can theoretically find out what your username and e-mail are (because he has access to the database).

So, if you use the same e-mail/username/password on other websites, then change it immediately. Because there is always a chance that your password will be found out. Logs can remain on servers for years.

接着是格雷格的回答：

Just as you said, web applicati*** tend to keep logs of unsuccessful login attempts. If someone were to look through the logs, he could connect this particular login attempt with one of your successful attempts (i.e. via IP address).

Though I do not think this is likely to happen, you can always change it be sure.

随着这些天来我们读到和听到的大量数据泄露，最好是更改有关网站的密码（以及任何其他具有相同密码的网站），以使您安心。当涉及到你的在线帐户的安全性时，安全总比抱歉好！

有什么要补充的解释吗？在评论中发出声音。想从其他精通技术的Stack Exchange用户那里了解更多答案吗？在这里查看完整的讨论主题。