Go Back   Computer Forums > Web Design | Website Development > Web Programming
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 08-20-2003, 10:43 PM   #1
Beta Member
 
Join Date: Aug 2003
Posts: 1
Default Need help hiding\encrypting ASP returned value in hidden field

This is for password recovery. A user enters their email address into a search field, which gets or posts to the results page. The results page contains hidden fields which collect information based on the entered email address, and pass that information to the page that processes the email to be sent. The results page automatically submits with BODY onLoad, but obviously still comes up for a few seconds. While the results page is up, the browser screen is blank white, but if you view source, you can see all of the collected information to be emailed. That's the problem.

This part of the code in particular:

<input name="txtBody" type="hidden" id="txtBody" value="
Hello,
This is an automated message. You can use the following login information to access our protected pages:

USERNAME: <%=(Recordset.Fields.Item("username").Value)%>
PASSWORD: <%=(Recordset.Fields.Item("password").Value)%>

Please let us know if you have any questions. Thank you.

Tech Support Dept.">

So it is easy to encrypt the ASP code itself with the MS script encoder, but the values still come back in HTML. Therefore, when you view the source, it looks like:

USERNAME: admin
PASSWORD: example

Or whatever the username/password for that particular user is. How can I hide this? Thanks a lot.
__________________

keith_ua is offline   Reply With Quote
Old 08-21-2003, 03:49 AM   #2
Site Team
 
David Lindon's Avatar
 
Join Date: Dec 2002
Posts: 15,233
Default Re: Need help hiding\encrypting ASP returned value in hidden field

Quote:
Originally Posted by keith_ua
This is for password recovery. A user enters their email address into a search field, which gets or posts to the results page. The results page contains hidden fields which collect information based on the entered email address, and pass that information to the page that processes the email to be sent. The results page automatically submits with BODY onLoad, but obviously still comes up for a few seconds. While the results page is up, the browser screen is blank white, but if you view source, you can see all of the collected information to be emailed. That's the problem.

This part of the code in particular:

<input name="txtBody" type="hidden" id="txtBody" value="
Hello,
This is an automated message. You can use the following login information to access our protected pages:

USERNAME: <%=(Recordset.Fields.Item("username").Value)%>
PASSWORD: <%=(Recordset.Fields.Item("password").Value)%>

Please let us know if you have any questions. Thank you.

Tech Support Dept.">

So it is easy to encrypt the ASP code itself with the MS script encoder, but the values still come back in HTML. Therefore, when you view the source, it looks like:

USERNAME: admin
PASSWORD: example

Or whatever the username/password for that particular user is. How can I hide this? Thanks a lot.
I take it you then print the return values to the HTML page? Why don't you just send the details to the email address so then they never need to get sent back to the page?
__________________
[url=http://www.LNXPS.NET]LNXPS.NET - The XPS Library]
David Lindon is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 08:19 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0