hiding password in "action"

Posted on 2006-05-02
Last Modified: 2010-05-18
here's my html:
        <script language="JavaScript">
            var loginField;
            var passwordField;

            function doLogin(){
                loginField = document.getElementById('user_ln');
                passwordField = document.getElementById('user_pw');                
                if(loginField.value == ""){
                    alert("Please enter your login name.");
                } else {
                    if(passwordField.value == ""){
                        alert("Please enter your password.");
                    } else {
                        validateAllInput(); //filter out html tag
                        var loginForm = document.getElementById('login_form');
                        loginForm.action = '/utils/UserLogin';
<form id="login_form" action="">
      User Login ID:      <input type="text" id="user_ln" name="user_ln">
      User Password:    <input type="password" id="user_pw" name="user_pw" >
                                 <input type="button" name="options" value="Login" onclick="login()">

when i click on the login button, it will submit to a servlet: UserLogin.
I notice that the url in the browser address become:

and the password is shown! is there a way to hide it?
Question by:InNoCenT_Ch1ld
    LVL 3

    Accepted Solution

    you could use form action = "POST" like so

    <form id="login_form" action="POST">

    LVL 3

    Author Comment

    tks kuttz ;-)
    but it is not shown doesn't means it is save right?
    i think my browser got warns me about no encryption bla bla.. so, do u know any online resources that can help me to improve the security a bit?

    big tks in advanced
    LVL 3

    Author Comment

    btw, i think u mean method="POST" ??
    LVL 11

    Assisted Solution

    You can use https instead of http. This will provide with quite a good security for the most purposes.
    LVL 3

    Expert Comment

    yeah sorry... i meant method="POST"..

    i agree.. it isnt very safe... J2EE has many built-in security features specifically for this...
    check out..


    LVL 3

    Author Comment

    WelkinMaze, i'm running on https at the server.. but when debug locally, i use http..

    and i think i gonna close this question now. will post another question regarding security/encryption later.


    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Exception creating bean of class 5 144
    maven project in eclipse 11 53
    TreeSet comparator example 7 86
    using if condition without JSTL 2 99
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now