The PASSWORD component is a variant of the FIELD component - for password input.

For security reasons the server side part of the component will never send a password value to the client: if the password value (attribute TEXT) of the component on server side is "harry", then some anonymized value "*******" will be sent as data to the client. - So the component is an input-only component! The numnber of "*"s does not represent the actual number of characters of the password value.

You may use the encryption features of the component, which ensure that the encryption of the password value that a user keys in is done on client side already. In this case the clear text of the value will never be transferred via the network between browser and server, but only its encrypted value.

If using http only (i.e. no https) then the encryption is some "must!" - otherwise the value of the password is sent via straight http and as consequence can be viewed by any attacker who is between your browser and your server! 

 