Securing hidden fields in HTML Form

[yinyang]

Hi,

I'm using HTML Form to send information of my visitors (Visitor submit this form directly) to destination.com as follow:

<form name="form1" action="http://destination.com/receiver" method="post">
<input type="hidden" name="Login" value="My-Username">
<input type="hidden" name="Passwd" value="My-password">
<input type="hidden" name="Cust" value="John Doe">
<input type="hidden" name="Total" value="100">
<input type="submit" value="Submit">
</form>

But this is very big security issue, since people can use 'View Source' and get my login and username.

How to protect my login and password from being viewable to the world but the form still work ? May be hide it somewhere? Or other method?

Please advice.

Thank you.

 

[SV_Ngheo]

Simple, you can use a Program to encode your html code, so they can't view your sources!

 

[kabatak]

never put a password on a text input's VALUE field, its not a good practice.

 

[ezhost]

can you not do it as php

 

[TheSpaceDude]

Simple, you can use a Program to encode your html code, so they can't view your sources!

If the browser can read it, a person can too.

 

[DBers]

What language are you using? most, i know Java does for a fact, have "sessions", After the first time they log in, the servlet will keep track that they are who they ought to be. Its embedied in the session tag, very easy to do, in java anyway.

all this does is creat a cookie or something else (depending on server and user) that lasts as long as the user is on your website.

So you could just create your own cookie, i think that only lasts as long as a user in on the site.