How to hide or encode the parameter while passing to a new window?

  • rkyakkala
    New Member
    • Oct 2010
    • 11

    How to hide or encode the parameter while passing to a new window?

    Hi,

    In my web application I am opening a new window by passing some parameters. I am also passing the password as a parameter, but I need to hide it or encode it.
    How can I do this? Following is my code:


    Code:
    function getUrl(gsamName, deviceName, userName, passWord) {
        // Opens the map tool in a new window. Every value, including the
        // password, is appended to the query string of the new window's URL.
        window.open("./viewMapToolScreen.html?com.smarts.autoAttachDM=" + gsamName + "&class=com.smarts.webapps.SmWebMapApp&com.smarts.launch.class=UnitaryComputerSystem&com.smarts.launch.instance=" + deviceName + "&com.smarts.map.showAllBusiness=1&com.smarts.userid=" + userName + "&com.smarts.password=" + passWord);
    }

    function validate_form()
    {
        var valid = true;
        if ( document.map_form.contract.selectedIndex == 0 )
        {
            alert ( "Please select Contract Name" );
            valid = false;
        }

        // Only open the map window when validation passed.
        if ( valid )
        {
            getUrl(document.map_form.gsamName.value, document.map_form.devicename.value, document.map_form.userName.value, document.map_form.passWord.value);
        }
    }

    <!-- The password is written from the server session into a hidden form field. -->
    <input type="hidden" name="passWord" value="<%=session.getAttribute("GSAM_PASSWORD")%>">
    <input type="submit" name="submit" value="Show Map" class="button" onclick="validate_form();"/>
    Regards,
    rama
  • Dormilich
    Recognized Expert Expert
    • Aug 2008
    • 8694

    #2
    You can only obfuscate it. But anything generated/processed on the client side can be viewed by the user (though it may require more or less effort).


    • rkyakkala
      New Member
      • Oct 2010
      • 11

      #3
      Hi Dormilich,

      Good to see your reply.
      Is there any chance for me to encode the password like ****?
      Waiting for your suggestion.

      regards,
      rama


      • Dormilich
        Recognized Expert Expert
        • Aug 2008
        • 8694

        #4
        You can "encode" your password like that in the HTML display, but the application receiving the password won’t be able to decode it from the URL string.

        Besides that, experienced hackers can go linewise through your JavaScript code and visualize any occurring variable content (including the raw password before "encoding"). (Depending on the intention of the user this is called either cracking or debugging.)


        • Rabbit
          Recognized Expert MVP
          • Jan 2007
          • 12517

          #5
          Here's the usual procedure.

          1) Establish a secure connection using public key cryptography.

          2) Encrypt the password or password hash using the public key.

          3) Once authenticated, switch to private key cryptography for speedier transactions.

          There's no need to reinvent the wheel. Use HTTPS, it's what it was made for.

          Comment
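
An added example, not part of the original thread: one way to follow the advice in #5 while also keeping the password out of the URL (and so out of browser history and server access logs) is to POST the credentials over HTTPS into the new window instead of appending them to the query string. It assumes the receiving page accepts these fields in a POST body, which the thread does not confirm; the host name, the helper names `buildMapRequest` and `submitInNewWindow`, and the sample values are constructed.

```javascript
// Added example, not code from the thread. Parameter names come from the
// original query string; the host and sample values are constructed.
const SENSITIVE = new Set(["com.smarts.userid", "com.smarts.password"]);

// Split the launch parameters: non-secret ones stay in the URL, credentials
// go into POST fields so they never appear in the address bar or in logs.
function buildMapRequest(pageUrl, params) {
  const url = new URL(pageUrl); // absolute URL; resolve relative ones first
  if (url.protocol !== "https:") {
    throw new Error("refusing to send credentials over " + url.protocol);
  }
  const fields = {};
  for (const [name, value] of Object.entries(params)) {
    if (SENSITIVE.has(name)) fields[name] = value; // request body
    else url.searchParams.set(name, value);        // URL-encoded query
  }
  return { action: url.toString(), fields };
}

// Browser side: submit the request as a POST into a named new window.
// Assumption: the receiving page reads these fields from the POST body.
function submitInNewWindow(doc, request, target = "mapWindow") {
  const form = doc.createElement("form");
  form.method = "post";
  form.action = request.action;
  form.target = target; // the browser opens or reuses a window with this name
  for (const [name, value] of Object.entries(request.fields)) {
    const input = doc.createElement("input");
    input.type = "hidden";
    input.name = name;
    input.value = value;
    form.appendChild(input);
  }
  doc.body.appendChild(form);
  form.submit();
  form.remove(); // do not leave the credentials in the DOM afterwards
}

// Constructed sample values.
const sample = buildMapRequest("https://nms.example.test/viewMapToolScreen.html", {
  "com.smarts.autoAttachDM": "GSAM-1",
  "class": "com.smarts.webapps.SmWebMapApp",
  "com.smarts.launch.class": "UnitaryComputerSystem",
  "com.smarts.launch.instance": "router 01",
  "com.smarts.map.showAllBusiness": "1",
  "com.smarts.userid": "operator",
  "com.smarts.password": "s3cr3t&x=1",
});
```

In a browser, call `submitInNewWindow(document, request)` from the click handler. As #2 and #4 point out, the user of that browser can still read the value; what this changes is where the password travels and where it is recorded.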
