All geek questions in one place

Classic ASP post with sensitive fields

helping my friend with his old ASP site and ran into a problem, so I wanted to quit this to find out if I could get help.

A site basically needs to send POST data to another page, which it does well. The problem is that he needs to READ the username / password on the receiving page, and the site currently holds this in hidden fields, which is clearly not suitable, since you can see it in the source code.

How can you pull data on an ASP page without hiding it in the input field? I know that it can be saved as a variable, but then I can not perform POST, and if I put this variable in the input value field, it will appear in the source.

Any help would be appreciated.

Thank!

+3
source share
2 answers

he needs to READ username / password on the reception page

No no.:)

If two pages are part of the same site, use the Session object.

If two pages are on different sites, everything is more complicated, but the idea is similar. I assume this does not apply to you, but if so, take a look at OAuth. (For example, when you log in, you use authentication from another site, but stackoverflow never sees your password for this site. Same idea.)

+4
source

Create a database table that looks like

 uniqueidentifier   SessionId
 varchar            Username
 varchar            Password

Save the SessionId in a cookie with Response.Cookies.

SessionId cookie JavaScript ajax , SessionId JSON. javascript . - , , , - <input type="hidden" id="username" name="username" value="DefaultUserNameValue" />. javascript, .

0

Source: https://habr.com/ru/post/1794035/

More articles:


All Articles