[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

How to hide input text in a form from user doing a view source

Posted on 1999-12-07
14
Medium Priority
?
421 Views
Last Modified: 2008-02-01
Basically, I have a RPT (Crystal Reports) file that is called via a URL.  For example...

<form method=post action="http://...filename.rpt">

<input type=hidden name=user value=fred>
<input type=hidden name=pwd value=secret>
<input type=submit value="GetReport">

The problem is that I don't want the surfer/user to do a view source, and hence see the user and password.

I've looked into frames (crystal viewer does not work in a frame), and javascript script to open control-less windows)

I'm looking for code fragments, and a method that will work, and that the user/surfer can not find the user/password info.

Your tools are VBScript (server / client).  If browser is IE5 only... its ok.   No 3rd party apps (free only) unless it plugs in as a component.

It is possible to do a:
http://www.name.com/filename.rpt?user=fred&pwd=secret

but... the method needs be such that the user can not see the username and password.

Better solution... better grade.
0
Comment
Question by:dcollins071397
  • 3
  • 3
  • 2
  • +5
14 Comments
 
LVL 3

Expert Comment

by:V_Bapat
ID: 2264255
I think writing an ASP is the solution.
0
 
LVL 19

Expert Comment

by:DreamMaster
ID: 2264402
yes using ASP would be the solution.

You can make a session variable to hold the password and use <input type="password" name="pwd"> to get Your users password (which should scramble it, making it all spaces, also in final code.)

do the same for the username field (meaning make a session variable) and You can loose the ?user=fred&pwd=secret
after Your link.

When You need to retrieve the value use
Session("pwd") to get the password and Session("username") for the username..

Hope this is helpfull..

Max Davidse
http://www.thekitchen.nl
0
 
LVL 1

Author Comment

by:dcollins071397
ID: 2266072
I've thought of that...

Unfortunitly, Crystal Report engine will not read from a Session variable.  It will only read from a Request variable  (via get/post).

0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 

Expert Comment

by:awebd
ID: 2267651
You could create a small page that would auto submit it's self.
--
first page:
<a href="login.html">Click here to login</a>

login.html:
<html>
<head>
<script language="JavaScript">
 function sendIt(){
  document.form.submit();
 }
</head>
<body onLoad="sendIt()">
<form name="form" action="yourpage.html" method="post">
<input type="hidden" name="user" value="fred">
<input type="hidden" name="pwd" value="secret">
<input type="submit" value="send">
</form>
</body>
</html>

That should give you a form submission that only for a brief time will allow the user to see the username and password.
Other than that, the only thing I can think of would be to use ASP or PHP to modify the HTML header to include the user and pwd variables on the server-side. I however am not familiar with how this would be done.
0
 
LVL 1

Author Comment

by:dcollins071397
ID: 2267699
Hmm... clever.  I see if they had Javascript disabled then they would see it... but, still clever.

I've seen some Javascript (misplaced it), that will try to 'block' the Right-Click 'view source' command.  But, I believe it would only work on older browsers.
0
 
LVL 19

Expert Comment

by:DreamMaster
ID: 2267705
not only that...it will not stop users from looking at the source through the menu view/source either

0
 
LVL 6

Expert Comment

by:gete
ID: 2267777
An addition to DreamMaster, to prevent from menu view/source, use a frameset containing only one page (the real page), so when user try to view/source from menu they will only see the source of the frameset page.
0
 
LVL 19

Expert Comment

by:DreamMaster
ID: 2267819
Netscape users will still be able to view the frame source, so that will work for IE only...

but i agree it's an option...and it will solve part of the question...

just not all....
0
 
LVL 1

Accepted Solution

by:
Hocam earned 400 total points
ID: 2270117
Hi,
     Here is a temporary solution that you can apply to IE and some versions of Netscape.  Here is a right-click disabler....

<script language="javascript">
// No rightclick script
// (c) 1998 barts1000
// barts1000@aol.coma
function click() {
if (event.button==2) {
alert('[Your custom message here ]')
}
}
document.onmousedown=click
</script>

But in any case, there is absolutely NO WAY to hide HTML code. The reason being is that you are actially transmitting these files to the users system, and it gets stored.  Even if you disable the Source View options from web browser, they will still be able to see it by basically saving the HTML page as an .html file and viewin the contents by opening it in NotePad or some text editor.  And also the page you have transmitted cached, people can open the .html file from the Browser cache also.

Thanks,,,
-Hocam

0
 
LVL 1

Author Comment

by:dcollins071397
ID: 2270820

I was thinking that it was possible to have the page that would call the .RPT file have the 'cache expire' and such metatags.

Hmm, yea, even if I could hide the parameters in a  url line, the browser's history (say if IE), will probably still keep track of it.

Theres got to be a way...

several of you have come up with some very interesting ideas...
0
 

Expert Comment

by:andyknott
ID: 2750489
Hi,

I know this is an old question, but I'll add this comment anyway incase any one has a look.

I'm currently having problems viewing the html source code of my own web site!

I have a two frame page which has a two page frame nested within that. If I click menu view source I get the top frame set. If I write click any of the three sections I see that sections code. I can't however see the frameset of the nested two frame page. How do I do this? Or have I just solved dcollins inital problem?

I have not tried with NS only IE5.
I think I'll post this as a question also.
Any ideas, anyone........
0
 
LVL 3

Expert Comment

by:V_Bapat
ID: 2758227
I am not clear what you want to say.

If in a page with multiple frames, you right-click and view the source, you will get the source of that page. That is fine.

If you want to see the source of the frameset, for example, you have two frames in a browser window and you want to view the source of the main page which contains the frameset, you can:
1. Select Source from View menu, or
2. Right-click on the splitter bar and select "View source".

So, everything is viewable.
0
 

Expert Comment

by:andyknott
ID: 2791432
V Bapat: Yep your right, I was just being dense. I had no frame borders and identical backgrounds meaning the join between frames was invisible, but did exist.

Sorry to waste your time,

Andy
0
 
LVL 1

Expert Comment

by:tleighton999
ID: 13308373
Try making a frameset, with 2 frames

1 top + 1 bottom.

make the bottom fill 100% of the page, then put a blank page in the bottom, and the form in the top, this will make it harder for your visitors to view the source
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to create custom column layout styles for Bootstrap. The article uses 5 columns to illustrate the concept, but the principle can be extended to any number of columns.
The first step to building an amazing About page is to figure out what you want the page to say about your company. You then must grab the attention of the reader, boast a bit, tell a story and let others brag about you. With a little bit of thought…
In this tutorial viewers will learn how to embed an audio file in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: : The declaration should display (CODE) HTML5 is supported by the most recent versions of all major browsers…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question