[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Java w/Cookies
>All over the world there are lots of servers, where you have to identyfy
>yourself with username and Password. Of course, Netscape (and other
>Browsers to) will remeber the last things you entered, but only during
>the current session. So far, so good.
>Having that in mind, I think it would be a goog thing to have a page with
>lots of links to password protected pages, where all the username and
>Passwords are stored as cookies on client side, once they have been
>entered. You know what I mean?
I've been developing CGI applications that require an account and
password to be propagated to the successive pages that make up the
CGI application. Initially, I started using hidden text fields to do
this, assigning the account and password values each to a hidden field.
The CGI program read these values on submission of a form, and stores
them as hidden text fields in the resulting HTML code that makes up the
following page. Just keep on doing this for all successive pages of a
CGI application that generates dynamic pages.
The problem with this approach of using hidden text fields is that the
account and password values are stored as clear text in the HTML code.
Someone can inadvertantly disclose their account and password by
printing or displaying the HTML code that makes up one of these pages
the CGI application in their browser.
One thing that I have done is using Netscape frames in addition
to the hidden text fields in CGI applications. As far as I can find out,
there is no way to directly print or display the HTML code of a frame
in a page being displayed in the current Netscape browser.
I know there has to be a better, more secure way than this to
propage user authentication information in a CGI application. Has anyone
developed a better technique than this ?
mailing list software, please send a message to 'firstname.lastname@example.org'
with the message body 'help'. To unsubscribe, send a message to