Passwords not in hidden INPUT boxes??

Results 1 to 3 of 3

Thread: Passwords not in hidden INPUT boxes??

  1. #1
    Join Date
    Dec 1969

    Default Passwords not in hidden INPUT boxes??

    Somebody replied on my old post saying:<BR>------------------<BR>It is always a bad idea to pass the passwords and user ids along in hidden forms, all someone has to do is view the source code to get access to this data. Remember that these pages are highly likely to be cached by the browser, so if someone is on someone elses computer, they can look in the history folder at your pages and get their passwords. <BR>------------------<BR>Okay my logical question: how do I pass passwords and usernames on to the next .asp file without using hidden input boxes?? I somehow need to METHOD="POST" them to the next page, don&#039t I?

  2. #2
    Join Date
    Dec 1969

    Default session obj

    one method is to try and use session obj, easy

  3. #3
    Join Date
    Dec 1969

    Default Keep your Passwords and Usernames in the db

    Phil,<BR><BR>My advice that you should keep your Passwords and Usernames firmly hidden in the database.<BR><BR>For example, if you were a user on my site you would have:<BR><BR>Username &#039always hidden in the database.<BR>Password &#039always hidden in the database.<BR>UserID &#039an IDENTITY (Autonumber) field in the database.<BR><BR>Now, when you are browsing my app. I will firstly identify you by asking you to enter your USERNAME & PASSWORD.<BR><BR>We use the POST method of the form to pass them to the next (ASP) page where they are validated against values in the database.<BR><BR>Then I set a Session value such as:<BR><BR>Session("ID") = database("UserID") &#039The database ID field.<BR><BR>I hope this makes some sense (it was written in haste).<BR><BR>But as you can see the Password and Username are not used after the initial POST to validate you.<BR><BR>HTH<BR><BR>Darren<BR>[ ]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts