Hi,
For a security reason I experienced, I wish to ask you guys: is it possible that, before a form's input values are submitted (which actually happens when the user fills the form in and presses the submit button), every field that she fills in could be passed to and stored on the server individually, and how? (in PHP code)
Thanks for any quick response!
very dynamic
Mark Baker
Re: very dynamic
daregazi wrote: for a security reason I experienced, I wish to ask you guys is it possible that before submitting a form's input values (actually happens when the user fills the form in and presses the submit button), every field that she fills in could be passed and stored on the server individually and how? (in a php code)
It's possible using JavaScript to trap changes to fields, and then an Ajax call to pass that information to the server, but I wouldn't recommend it, and would refuse to visit any page that did it.
It's the same basic principle that keyloggers use.
There is no need for it, security or otherwise, so why do you want to do it?
Re: very dynamic
Actually I don't wanna implement it, but I visited a page and I suspect that it might have had such a feature on. I looked at the page source code and there was only a JavaScript function to validate the form on submission; I could see nothing else, no Ajax code.
Shall I still suspect that you think that my visit to that page and incomplete data entry was harmless??? (I mean, the Ajax functionality of sending data to the server asynchronously was off??)
Thanks again
Re: very dynamic
You could do something like including a salt in a hidden field: when the form is submitted, JavaScript reads the salt, hashes the raw password + the salt, and replaces the text fields. Salts would be kept track of on the server side. Essentially you can block out replay attacks in case your login isn't behind SSL (also SSL has been cracked).
Re: very dynamic
daregazi wrote: Actually I dont wanna implement it, but I visited a page and I suspect that it might have had such a feature on. I looked at the page source code and there was only a javascript function to validate the form on submission, nothing else I could see of any Ajax code.
Shall I still suspect that you think that my visit to that page and un-complete data entry was harmless??? (I mean Ajax functionality of sending data to server asynchronously was off?? )
Thanks again
They most likely still have server-side validation though.
Re: very dynamic
Mark Baker,
Thanks for your reply! I cannot see any Ajax code or extra JavaScript code inside the page source code. Do you think that it is unlikely to have asynchronous data transfer between what is inserted into the client-side form input fields and the server? Or could that Ajax code still be hidden from the page source code?
And also you said that you would refuse to visit such pages! How are you going to know that a page (containing a form) you are visiting has got this feature on???
Appreciate your reply.
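Added example, not part of any post in this thread: one way to check a page for the behaviour discussed above (field values sent to the server before the form is submitted) is to log what the page sends through fetch, XMLHttpRequest and sendBeacon, then search that log for what was typed. The names `installHooks`, `findLeaks` and `auditLog` are hypothetical.

```javascript
// Added example (not from the thread). All names here are hypothetical.
const auditLog = [];  // one entry per request the page tried to send

// Flatten a request body to text; Blob/ArrayBuffer bodies are not decoded.
function bodyText(body) {
  if (body == null) return '';
  if (typeof FormData !== 'undefined' && body instanceof FormData)
    return [...body.entries()].map(([k, v]) => `${k}=${v}`).join('&');
  return String(body);  // strings as-is; URLSearchParams serialises itself
}

// Wrap the three usual asynchronous senders on `g` (pass `window` in a browser).
function installHooks(g) {
  const record = (via, url, body) =>
    auditLog.push({ via, url: String(url), body: bodyText(body) });
  if (g.fetch) {
    const orig = g.fetch;
    g.fetch = function (input, init) {
      record('fetch', input.url || input, init && init.body);
      return orig.apply(this, arguments);
    };
  }
  if (g.XMLHttpRequest) {
    const P = g.XMLHttpRequest.prototype, open = P.open, send = P.send;
    P.open = function (method, url) { this._auditUrl = url; return open.apply(this, arguments); };
    P.send = function (body) { record('xhr', this._auditUrl, body); return send.apply(this, arguments); };
  }
  if (g.navigator && g.navigator.sendBeacon) {
    const orig = g.navigator.sendBeacon;
    g.navigator.sendBeacon = function (url, data) { record('beacon', url, data); return orig.apply(this, arguments); };
  }
}

// Forms in which a typed value may appear on the wire: raw, URL-encoded, base64.
function encodings(value) {
  return [value, encodeURIComponent(value), btoa(unescape(encodeURIComponent(value)))];
}

// Report every logged request whose URL or body carries a field value.
function findLeaks(fieldValues, requests) {
  const hits = [];
  for (const [field, value] of Object.entries(fieldValues)) {
    if (typeof value !== 'string' || value.length < 4) continue;  // too short to match reliably
    for (const req of requests)
      if (encodings(value).some(e => (req.url + '\n' + req.body).includes(e)))
        hits.push({ field, via: req.via, url: req.url });
  }
  return hits;
}

// In the console: installHooks(window); type into the form without submitting; then
// findLeaks(Object.fromEntries(new FormData(document.forms[0])), auditLog)
```

Hooks installed from the console miss a script that saved its own reference to `fetch` before they ran, and they do not cover image-URL requests or WebSocket frames. The browser's network panel records those as well and is the check to rely on.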