
client side validation security issue

I am validating the password in JavaScript for null and number of characters before submitting the form. The problem is that, using Firebug, I can see the value entered in the password field (putting a breakpoint and hovering over the script). Is there a way to prevent this?


No, there isn't.

People with access to the web browser have access to everything that web browser is going to send to the server. It is operating on their behalf, after all.


JavaScript is a client-side language, so since the password is stored in memory you can retrieve it locally. You can do nothing about it. This is not a problem since no one else could see it, but if you are worried about password security you should worry more about how the password is transmitted, the encryption, etc.

Try to use HTTPS to transmit the password or MD5. First hash your password, then transmit it and decrypt it on the server-side. You have a very good code snippet here:

http://pajhome.org.uk/crypt/md5/md5.html

If you have any doubts, comment and I'll try to help.


There shouldn't be any security issue as only the user could see his own password. You should use SSL so the browser knows not to cache that data and so that it isn't readable when sent over the wire.
