  1. #1
    imlek (SitePoint Enthusiast)

    Protecting hidden HTML Form fields

    Hi,

    I'm using an HTML form to send information to destination.com as follows:

    <form name="form1" action="http://destination.com/receiver" method="post">
    <input type="hidden" name="Login" value="My-Username">
    <input type="hidden" name="Passwd" value="My-password">
    <input type="hidden" name="Cust" value="John Doe">
    <input type="hidden" name="Total" value="100">
    <input type="submit" value="Submit">
    </form>

    This HTML Form is the only method that destination.com can accept.

    But this is a very big security issue, since people can use 'View Source' and get my login and username.

    How can I protect my login and password from being viewable to the world while the form still works? Maybe hide it somewhere? Or another method?

    Please advise.

    Thank you.

  2. #2
    SitePoint Addict
    Keep it on your hard drive and don't upload it. You can still execute the form locally and view the result on the internet. This form is for you only, right?

    If the form is for your e-commerce site, you might want to look into programming languages such as ASP or PHP. I recommend the second since it's open-source and free.

  3. #3
    imlek (SitePoint Enthusiast)
    The form is for my visitors, so I can't save it only on my hard disk.

    What PHP programming is needed for this?

    Please advise.

    Thanks.

  4. #4
    SitePoint Addict
    The reason why you would want to use PHP or ASP is because they are parsed before the page loads. All secret information should be stored in a secured database somewhere. This way, when someone views the source, you won't be able to see any of the operations that were performed, just the HTML result.

  5. #5
    Lats (SitePoint Wizard)
    Don't have the default values stored on the page. Use something like this instead...
    Code:
    <input type="text" name="Login" value="Your login name">
    <input type="password" name="Passwd" value="">
    Lats...

  6. #6
    imlek (SitePoint Enthusiast)
    Thanks for the advice guys.

  7. #7
    SitePoint Enthusiast
    Could use something like cURL or Snoopy to do it with PHP and keep your values safe.
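
The server-side relay that posts #4 and #7 point toward, as an added example that is not code from the thread: the visitor's browser submits to your own PHP script, which adds the credentials and posts to the receiver with cURL. The file name `relay.php`, the environment variable names and the `$_SESSION['order']` layout are assumptions.

```php
<?php
// relay.php: added example, not code from the thread.
// The visitor's form posts here; only this script talks to the receiver.
declare(strict_types=1);
session_start();

// Assumption: credentials come from environment variables (hypothetical
// names), so they never appear in any HTML sent to a visitor.
$login  = getenv('RECEIVER_LOGIN');
$passwd = getenv('RECEIVER_PASSWD');
if ($login === false || $passwd === false) {
    http_response_code(500);
    exit('Relay is not configured.');
}

// Assumption: the order was computed server-side and stored in the session.
// Cust and Total are never read from $_POST, so a visitor cannot edit them
// the way a hidden field can be edited.
$order = $_SESSION['order'] ?? null;
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !is_array($order)
    || !isset($order['cust'], $order['total'])) {
    http_response_code(400);
    exit('No pending order.');
}

$fields = [
    'Login'  => $login,
    'Passwd' => $passwd,
    'Cust'   => (string) $order['cust'],
    'Total'  => (string) $order['total'],
];

// Receiver URL as given in the first post. Over plain http the credentials
// cross the network unencrypted between this server and the receiver.
$ch = curl_init('http://destination.com/receiver');
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => http_build_query($fields),
    CURLOPT_RETURNTRANSFER => true,   // keep the receiver's reply server-side
    CURLOPT_FOLLOWLOCATION => false,  // do not re-send the fields to a redirect
    CURLOPT_TIMEOUT        => 15,
]);
$body   = curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);

if ($body === false || $status >= 400) {
    error_log("receiver relay failed, HTTP status $status"); // no secrets logged
    http_response_code(502);
    exit('The order could not be submitted.');
}
unset($_SESSION['order']); // prevent a double submit of the same order
echo 'Order submitted.';
```

The public form then needs only `action="relay.php"` and a submit button; none of the four original hidden fields are sent to the browser.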