dcollins071397
asked on
How to hide input text in a form from user doing a view source
Basically, I have a RPT (Crystal Reports) file that is called via a URL. For example...
<form method=post action="http://...filename.rpt">
<input type=hidden name=user value=fred>
<input type=hidden name=pwd value=secret>
<input type=submit value="GetReport">
The problem is that I don't want the surfer/user to do a view source, and hence see the user and password.
I've looked into frames (crystal viewer does not work in a frame), and javascript script to open control-less windows)
I'm looking for code fragments, and a method that will work, and that the user/surfer can not find the user/password info.
Your tools are VBScript (server / client). If browser is IE5 only... its ok. No 3rd party apps (free only) unless it plugs in as a component.
It is possible to do a:
http://www.name.com/filename.rpt?user=fred&pwd=secret
but... the method needs be such that the user can not see the username and password.
Better solution... better grade.
<form method=post action="http://...filename.rpt">
<input type=hidden name=user value=fred>
<input type=hidden name=pwd value=secret>
<input type=submit value="GetReport">
The problem is that I don't want the surfer/user to do a view source, and hence see the user and password.
I've looked into frames (crystal viewer does not work in a frame), and javascript script to open control-less windows)
I'm looking for code fragments, and a method that will work, and that the user/surfer can not find the user/password info.
Your tools are VBScript (server / client). If browser is IE5 only... its ok. No 3rd party apps (free only) unless it plugs in as a component.
It is possible to do a:
http://www.name.com/filename.rpt?user=fred&pwd=secret
but... the method needs be such that the user can not see the username and password.
Better solution... better grade.
V_Bapat
I think writing an ASP is the solution.
yes using ASP would be the solution.
You can make a session variable to hold the password and use <input type="password" name="pwd"> to get Your users password (which should scramble it, making it all spaces, also in final code.)
do the same for the username field (meaning make a session variable) and You can loose the ?user=fred&pwd=secret
after Your link.
When You need to retrieve the value use
Session("pwd") to get the password and Session("username") for the username..
Hope this is helpfull..
Max Davidse
http://www.thekitchen.nl
You can make a session variable to hold the password and use <input type="password" name="pwd"> to get Your users password (which should scramble it, making it all spaces, also in final code.)
do the same for the username field (meaning make a session variable) and You can loose the ?user=fred&pwd=secret
after Your link.
When You need to retrieve the value use
Session("pwd") to get the password and Session("username") for the username..
Hope this is helpfull..
Max Davidse
http://www.thekitchen.nl
ASKER
I've thought of that...
Unfortunitly, Crystal Report engine will not read from a Session variable. It will only read from a Request variable (via get/post).
Unfortunitly, Crystal Report engine will not read from a Session variable. It will only read from a Request variable (via get/post).
You could create a small page that would auto submit it's self.
--
first page:
<a href="login.html">Click here to login</a>
login.html:
<html>
<head>
<script language="JavaScript">
function sendIt(){
document.form.submit();
}
</head>
<body onLoad="sendIt()">
<form name="form" action="yourpage.html" method="post">
<input type="hidden" name="user" value="fred">
<input type="hidden" name="pwd" value="secret">
<input type="submit" value="send">
</form>
</body>
</html>
That should give you a form submission that only for a brief time will allow the user to see the username and password.
Other than that, the only thing I can think of would be to use ASP or PHP to modify the HTML header to include the user and pwd variables on the server-side. I however am not familiar with how this would be done.
--
first page:
<a href="login.html">Click here to login</a>
login.html:
<html>
<head>
<script language="JavaScript">
function sendIt(){
document.form.submit();
}
</head>
<body onLoad="sendIt()">
<form name="form" action="yourpage.html" method="post">
<input type="hidden" name="user" value="fred">
<input type="hidden" name="pwd" value="secret">
<input type="submit" value="send">
</form>
</body>
</html>
That should give you a form submission that only for a brief time will allow the user to see the username and password.
Other than that, the only thing I can think of would be to use ASP or PHP to modify the HTML header to include the user and pwd variables on the server-side. I however am not familiar with how this would be done.
ASKER
Hmm... clever. I see if they had Javascript disabled then they would see it... but, still clever.
I've seen some Javascript (misplaced it), that will try to 'block' the Right-Click 'view source' command. But, I believe it would only work on older browsers.
I've seen some Javascript (misplaced it), that will try to 'block' the Right-Click 'view source' command. But, I believe it would only work on older browsers.
not only that...it will not stop users from looking at the source through the menu view/source either
An addition to DreamMaster, to prevent from menu view/source, use a frameset containing only one page (the real page), so when user try to view/source from menu they will only see the source of the frameset page.
Netscape users will still be able to view the frame source, so that will work for IE only...
but i agree it's an option...and it will solve part of the question...
just not all....
but i agree it's an option...and it will solve part of the question...
just not all....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was thinking that it was possible to have the page that would call the .RPT file have the 'cache expire' and such metatags.
Hmm, yea, even if I could hide the parameters in a url line, the browser's history (say if IE), will probably still keep track of it.
Theres got to be a way...
several of you have come up with some very interesting ideas...
Hi,
I know this is an old question, but I'll add this comment anyway incase any one has a look.
I'm currently having problems viewing the html source code of my own web site!
I have a two frame page which has a two page frame nested within that. If I click menu view source I get the top frame set. If I write click any of the three sections I see that sections code. I can't however see the frameset of the nested two frame page. How do I do this? Or have I just solved dcollins inital problem?
I have not tried with NS only IE5.
I think I'll post this as a question also.
Any ideas, anyone........
I know this is an old question, but I'll add this comment anyway incase any one has a look.
I'm currently having problems viewing the html source code of my own web site!
I have a two frame page which has a two page frame nested within that. If I click menu view source I get the top frame set. If I write click any of the three sections I see that sections code. I can't however see the frameset of the nested two frame page. How do I do this? Or have I just solved dcollins inital problem?
I have not tried with NS only IE5.
I think I'll post this as a question also.
Any ideas, anyone........
I am not clear what you want to say.
If in a page with multiple frames, you right-click and view the source, you will get the source of that page. That is fine.
If you want to see the source of the frameset, for example, you have two frames in a browser window and you want to view the source of the main page which contains the frameset, you can:
1. Select Source from View menu, or
2. Right-click on the splitter bar and select "View source".
So, everything is viewable.
If in a page with multiple frames, you right-click and view the source, you will get the source of that page. That is fine.
If you want to see the source of the frameset, for example, you have two frames in a browser window and you want to view the source of the main page which contains the frameset, you can:
1. Select Source from View menu, or
2. Right-click on the splitter bar and select "View source".
So, everything is viewable.
V Bapat: Yep your right, I was just being dense. I had no frame borders and identical backgrounds meaning the join between frames was invisible, but did exist.
Sorry to waste your time,
Andy
Sorry to waste your time,
Andy
Try making a frameset, with 2 frames
1 top + 1 bottom.
make the bottom fill 100% of the page, then put a blank page in the bottom, and the form in the top, this will make it harder for your visitors to view the source
1 top + 1 bottom.
make the bottom fill 100% of the page, then put a blank page in the bottom, and the form in the top, this will make it harder for your visitors to view the source