  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353
  • Last Modified:

hiding password in "action"

here's my html:
<html>
<head>
        <script language="JavaScript">
            var loginField;
            var passwordField;

            function doLogin(){
                loginField = document.getElementById('user_ln');
                passwordField = document.getElementById('user_pw');                
               
                if(loginField.value == ""){
                    alert("Please enter your login name.");
                    loginField.focus();
                    loginField.select();
                } else {
                    if(passwordField.value == ""){
                        alert("Please enter your password.");
                        passwordField.focus();
                        passwordField.select();
                    } else {
                        validateAllInput(); //filter out html tag
                        var loginForm = document.getElementById('login_form');
                        loginForm.action = '/utils/UserLogin';
                        loginForm.submit();
                    }
                }
            }
       </script>
</head>
<body>
<form id="login_form" action="">
      User Login ID:      <input type="text" id="user_ln" name="user_ln">
      User Password:    <input type="password" id="user_pw" name="user_pw" >
                                 <input type="button" name="options" value="Login" onclick="doLogin()">
</form>
</body>
</html>

when i click on the login button, it will submit to a servlet: UserLogin.
I notice that the url in the browser address becomes:
http://localhost:8084/utils/UserLogin?user_ln=jerry&user_pw=12

and the password is shown! is there a way to hide it?
tks
0
InNoCenT_Ch1ld
Asked:
2 Solutions
 
arun_kuttz Commented:
you could use form action = "POST" like so

<form id="login_form" action="POST">

-KuTtZ
0
 
InNoCenT_Ch1ld (Author) Commented:
tks kuttz ;-)
but just because it is not shown doesn't mean it is safe, right?
i think my browser warns me about no encryption bla bla.. so, do u know any online resources that can help me to improve the security a bit?

big tks in advance
0
 
InNoCenT_Ch1ld (Author) Commented:
btw, i think u mean method="POST" ??
0

 
WelkinMaze Commented:
Hi,
You can use https instead of http. This will provide quite good security for most purposes.
0
 
arun_kuttz Commented:
yeah sorry... i meant method="POST"..

i agree.. it isn't very safe... J2EE has many built-in security features specifically for this...
check out..
 http://e-docs.bea.com/wls/docs70/webapp/security.html

-KuTtZ

0
 
InNoCenT_Ch1ld (Author) Commented:
WelkinMaze, i'm running on https at the server.. but when debugging locally, i use http..

and i think i'm gonna close this question now. will post another question regarding security/encryption later.

tks
0
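
Added example, not part of the original thread or any poster's code: how a browser serializes the login form from the question for GET versus POST, with a check that flags a credential in the URL or sent without TLS. The field names and /utils/UserLogin come from the question; the function names, the SENSITIVE pattern and the https URL are assumptions made for this example.

```javascript
// Field names user_ln/user_pw and the servlet path are taken from the question.
// SENSITIVE, buildRequest and auditRequest are hypothetical names for this example.
const SENSITIVE = /^(user_pw|password|passwd|pwd)$/i;

// Build the request a browser sends for a urlencoded form submission.
function buildRequest(method, action, fields) {
  const url = new URL(action);
  const encoded = new URLSearchParams(fields).toString();
  const m = (method || 'GET').toUpperCase(); // HTML falls back to GET when method is omitted
  if (m === 'POST') {
    return { method: 'POST', url: url.href, body: encoded,
             headers: { 'Content-Type': 'application/x-www-form-urlencoded' } };
  }
  url.search = encoded; // GET: the fields become the query string
  return { method: 'GET', url: url.href, body: null, headers: {} };
}

// Report where a request exposes credentials.
function auditRequest(req) {
  const url = new URL(req.url);
  const findings = [];
  for (const name of url.searchParams.keys()) {
    if (SENSITIVE.test(name)) {
      findings.push(`credential "${name}" in URL (history, logs, Referer)`);
    }
  }
  const inBody = req.body !== null &&
    [...new URLSearchParams(req.body).keys()].some((n) => SENSITIVE.test(n));
  if (url.protocol !== 'https:' && (findings.length > 0 || inBody)) {
    findings.push('credentials sent without TLS');
  }
  return findings;
}

// Constructed sample input matching the form in the question.
const fields = { user_ln: 'jerry', user_pw: '12' };
const asPosted = buildRequest('', 'http://localhost:8084/utils/UserLogin', fields);
const withPost = buildRequest('post', 'http://localhost:8084/utils/UserLogin', fields);
const hardened = buildRequest('post', 'https://localhost:8084/utils/UserLogin', fields);
for (const r of [asPosted, withPost, hardened]) {
  console.log(r.method, r.url, auditRequest(r));
}
```

The first request reproduces the URL from the question; the second moves the password into the body but still sends it unencrypted, which is the point raised in the follow-up comments.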
