
Re: Java w/Cookies



     
>All over the world there are lots of servers, where you have to identify 
>yourself with username and Password. Of course, Netscape (and other 
>Browsers too) will remember the last things you entered, but only during 
>the current session. So far, so good.
>
>Having that in mind, I think it would be a good thing to have a page with 
>lots of links to password protected pages, where all the username and 
>Passwords are stored as cookies on client side, once they have been 
>entered. You know what I mean?

        I've been developing CGI applications that require an account and
        password to be propagated to the successive pages that make up the
        CGI application. Initially, I started using hidden text fields to do
        this, assigning the account and password values each to a hidden field.
        The CGI program reads these values on submission of a form, and stores
        them as hidden text fields in the resulting HTML code that makes up the
        following page. Just keep on doing this for all successive pages of a
        CGI application that generates dynamic pages.

        The problem with this approach of using hidden text fields is that the
        account and password values are stored as clear text in the HTML code.
        Someone can inadvertently disclose their account and password by
        printing or displaying the HTML code that makes up one of these pages
        of the CGI application in their browser.

        One thing that I have done is using Netscape frames in addition
        to the hidden text fields in CGI applications. As far as I can find out,
        there is no way to directly print or display the HTML code of a frame
        in a page being displayed in the current Netscape browser.

        I know there has to be a better, more secure way than this to
        propagate user authentication information in a CGI application. Has anyone
        developed a better technique than this?


--------------------------------------------------------------------
This message came from the mailing list javascript. For help using the
mailing list software, please send a message to 'majordomo@obscure.org'
with the message body 'help'. To unsubscribe, send a message to
'majordomo@obscure.org' with the message body 'unsubscribe javascript'.
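
The hidden-field pattern described in the message above, next to one hardened alternative, as an added example that is not part of the original post: after a single password check the server issues an HMAC-signed, expiring token, so the password never appears in generated HTML. The function names, `SERVER_KEY`, `TOKEN_LIFETIME` and the sample account and password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import html
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the CGI server
TOKEN_LIFETIME = 900                  # assumption: tokens expire after 15 minutes


def hidden_fields_cleartext(account, password):
    """Pattern from the post: both values repeated in every generated page."""
    return ('<input type="hidden" name="account" value="%s">\n'
            '<input type="hidden" name="password" value="%s">'
            % (html.escape(account), html.escape(password)))


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(account, now=None):
    """Called once after the password check succeeds; the password is not echoed back."""
    expires = int(time.time() if now is None else now) + TOKEN_LIFETIME
    payload = "%s|%d" % (account, expires)
    return "%s|%s" % (payload, _mac(payload))


def verify_token(token, now=None):
    """Return the account if the token is authentic and unexpired, else None."""
    parts = token.rsplit("|", 2)
    if len(parts) != 3:
        return None
    account, expires, mac = parts
    expected = _mac("%s|%s" % (account, expires))
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # forged or altered token
    if (time.time() if now is None else now) >= int(expires):
        return None  # expired
    return account


def hidden_field_token(account, now=None):
    """Hardened form: one hidden field holding the signed, short-lived token."""
    return ('<input type="hidden" name="session" value="%s">'
            % html.escape(issue_token(account, now)))
```

The token is still a bearer credential visible in the page source, so it limits a disclosure to one short-lived session rather than the password itself, and it needs an encrypted transport to be protected in transit.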