InNoCenT_Ch1ld
asked on
hiding password in "action"
here's my html:
<html>
<head>
<script language="JavaScript">
var loginField;
var passwordField;
function doLogin(){
    loginField = document.getElementById('user_ln');
    passwordField = document.getElementById('user_pw');
    if(loginField.value == ""){
        alert("Please enter your login name.");
        loginField.focus();
        loginField.select();
    } else {
        if(passwordField.value == ""){
            alert("Please enter your password.");
            passwordField.focus();
            passwordField.select();
        } else {
            validateAllInput(); //filter out html tag (function not shown in this post)
            var loginForm = document.getElementById('login_form');
            // the form has no method attribute, so the browser submits it with GET
            loginForm.action = '/utils/UserLogin';
            loginForm.submit();
        }
    }
}
</script>
</head>
<body>
<form id="login_form" action="">
User Login ID: <input type="text" id="user_ln" name="user_ln">
User Password: <input type="password" id="user_pw" name="user_pw" >
<input type="button" name="options" value="Login" onclick="doLogin()">
</form>
</body>
</html>
When I click on the login button, it will submit to a servlet: UserLogin.
I notice that the URL in the browser address becomes:
http://localhost:8084/utils/UserLogin?user_ln=jerry&user_pw=12
and the password is shown! Is there a way to hide it?
tks
ASKER CERTIFIED SOLUTION
ASKER
btw, i think u mean method="POST" ??
SOLUTION
yeah sorry... i meant method="POST"..
i agree.. it isn't very safe... J2EE has many built-in security features specifically for this...
check out..
http://e-docs.bea.com/wls/docs70/webapp/security.html
-KuTtZ
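The difference between the form as posted (no method, so GET) and the same form with method="POST", as an added example that is not part of any participant's post: it mimics how a browser encodes the two submissions and then scans access-log lines for credential parameters left in the URL. The field names and action path come from the question; SENSITIVE, the helper names and the log lines are assumptions constructed for illustration.

```javascript
// Form field names and the action path are taken from the question; SENSITIVE
// and the access-log lines are constructed for this example.
const SENSITIVE = /^(user_pw|password|passwd|pwd)$/i;

// Mimics HTML form encoding: GET appends the fields to the URL,
// POST sends them in an application/x-www-form-urlencoded body.
function buildRequest(method, action, fields) {
  const encoded = new URLSearchParams(fields).toString();
  if (method.toUpperCase() === 'POST') {
    return { requestLine: `POST ${action} HTTP/1.1`, body: encoded };
  }
  return { requestLine: `GET ${action}?${encoded} HTTP/1.1`, body: '' };
}

// Returns one finding per log line whose request target carries a sensitive
// parameter name. The parameter value is never copied into the finding.
function findCredentialLeaks(logLines) {
  const findings = [];
  logLines.forEach((line, index) => {
    const match = line.match(/"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP\/[\d.]+"/);
    if (!match) return;
    const target = match[1];
    const q = target.indexOf('?');
    if (q === -1) return;
    const names = [...new URLSearchParams(target.slice(q + 1)).keys()]
      .filter((name) => SENSITIVE.test(name));
    if (names.length > 0) {
      findings.push({ line: index + 1, path: target.slice(0, q), params: names });
    }
  });
  return findings;
}

const fields = { user_ln: 'jerry', user_pw: '12' };
const viaGet = buildRequest('GET', '/utils/UserLogin', fields);
const viaPost = buildRequest('POST', '/utils/UserLogin', fields);

// Constructed access-log lines, one per request built above.
const sampleLog = [
  `127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "${viaGet.requestLine}" 200 512`,
  `127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "${viaPost.requestLine}" 200 512`,
];

console.log(viaGet.requestLine);
console.log(viaPost.requestLine, '| body:', viaPost.body);
console.log(findCredentialLeaks(sampleLog));
```

POST keeps the password out of the URL, browser history and access logs, but over plain http the body still crosses the network unencrypted, so the login also needs https.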
ASKER
WelkinMaze, i'm running on https at the server.. but when debug locally, i use http..
and i think i gonna close this question now. will post another question regarding security/encryption later.
tks
ASKER
but it is not shown doesn't mean it is safe, right?
i think my browser warns me about no encryption bla bla.. so, do u know any online resources that can help me to improve the security a bit?
big tks in advance