Protecting hidden HTML Form

  • imlek
  • Born
  • Born
  • imlek
  • Posts: 4

Post 3+ Months Ago

Hi,

I'm using HTML Form to send information to destination.com as follow:
Code: [ Select ]
<form name="form1" action="http://destination.com/receiver" method="post">
<input type="hidden" name="Login" value="My-Username">
<input type="hidden" name="Passwd" value="My-password">
<input type="hidden" name="Cust" value="John Doe">
<input type="hidden" name="Total" value="100">
<input type="submit" value="Submit">
</form>
  1. <form name="form1" action="http://destination.com/receiver" method="post">
  2. <input type="hidden" name="Login" value="My-Username">
  3. <input type="hidden" name="Passwd" value="My-password">
  4. <input type="hidden" name="Cust" value="John Doe">
  5. <input type="hidden" name="Total" value="100">
  6. <input type="submit" value="Submit">
  7. </form>

This HTML Form is the only method that destination.com can accept.

But this is very big security issue, since people can use 'View Source' and get my login and username.

How to protect my login and password from being viewable to the world but the form still work ? May be hide it somewhere? Or other method?

Please advice.

Thank you.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • darksat
  • Proficient
  • Proficient
  • User avatar
  • Posts: 487
  • Loc: London (via the rest of the world)

Post 3+ Months Ago

Code: [ Select ]
<form name="form1" action="http://destination.com/receiver" method="post">
<input type="hidden" name="Login" value="My-Username">
<input type="text" name="Passwd" value="">
<input type="hidden" name="Cust" value="John Doe">
<input type="hidden" name="Total" value="100">
<input type="submit" value="Submit">
</form>
  1. <form name="form1" action="http://destination.com/receiver" method="post">
  2. <input type="hidden" name="Login" value="My-Username">
  3. <input type="text" name="Passwd" value="">
  4. <input type="hidden" name="Cust" value="John Doe">
  5. <input type="hidden" name="Total" value="100">
  6. <input type="submit" value="Submit">
  7. </form>


use this.
You have to type in your password but at least its secure
  • imlek
  • Born
  • Born
  • imlek
  • Posts: 4

Post 3+ Months Ago

Thanks for the reply.
But my visitors can not have the login and password, it is secret. :)
Please advice.
  • ScienceOfSpock
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1893
  • Loc: Las Vegas

Post 3+ Months Ago

if you're using php, you *should* do this using curl on the backend, not the front end.

For instance, have your form post to another page on your site WITHOUT the username and password. That page then uses curl to pass the information, along with your username and password to destination.com/reciever on the backend. Your users never have to see your username and password, and an added bonus is that they don't leave your site. Also if you're doing transactions, destination.com/recieve should be using https, not http.
  • darksat
  • Proficient
  • Proficient
  • User avatar
  • Posts: 487
  • Loc: London (via the rest of the world)

Post 3+ Months Ago

Use a hidden div to hide it.

otherwise they will see the submit buttin.
Place it in a hidden division.
try dynamicdrive.com for free scripts & just modify them slightly.

Post Information

  • Total Posts in this topic: 5 posts
  • Users browsing this forum: No registered users and 51 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.