How to keep form data from being viewed in source
Posted: Wed Jun 14, 2006 1:27 pm
Okay.
My work is developing an online store for their current (ASP) website.
The guy and I are trying to figure out how to obscure our form data so that a malicious user viewing the source can't read any of the data.
It's a crappy CC verification software and company and I have no idea how any of their stuff works. Their guide recommended that we use a server-side language to pass sensitive information to the next page in the form.
All I can say is "WTF"?
My first thought was, instead of using "hidden" form fields, maybe we can use a server-side language to post values we do not want seen to the next page. It's probably a stupid idea, but it was a thought.
The second thing I thought of was to simply encrypt the sensitive information. I think this would work best but he wants to hide the form names as well.
I remembered a neat trick I saw on a website once. They sell website templates and let you view them in their entirety but when you view the source it's a very long encrypted string surrounded by one or two functions that unencrypt and output it to the browser. Now, I don't know how or where they hid the actual function definitions but I know that the trick fooled me long enough for me to become disinterested and move on.
I am wondering if any of these methods will work, and what your recommendation for securing this data is.
Now, I know that this may not be enough to go on and I know as much about the problem as I have told you all. He just asked "how can I secure the data in this form so people viewing the source can't view it?". I am merely trying to answer his question so please bear with me, even if it is a stupid one.
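The server-side approach the vendor's guide recommends, sketched as an added example that is not part of the original post: sensitive values stay in server memory and the page source carries only a random, single-use token. The store, function names, field name `t`, `/confirm` path and sample order are all hypothetical; on a classic ASP site the built-in session mechanism would play the role of `PENDING`.

```python
import html
import secrets

# Hypothetical in-memory store standing in for the site's session storage.
# A real deployment would also expire entries after a few minutes.
PENDING = {}


def start_checkout(order):
    """Page 1: keep the sensitive order values server-side, return a token."""
    token = secrets.token_urlsafe(32)  # unguessable, carries no order data
    PENDING[token] = dict(order)
    return token


def render_form(token):
    """HTML sent to the browser: the only hidden field is the random token."""
    return (
        '<form method="post" action="/confirm">'
        f'<input type="hidden" name="t" value="{html.escape(token)}">'
        '<input type="submit" value="Pay"></form>'
    )


def confirm(posted):
    """Page 2: look the order up by token and ignore every other posted field,
    so a value edited in the browser never reaches the payment step."""
    order = PENDING.pop(posted.get("t", ""), None)  # pop makes it single use
    if order is None:
        raise PermissionError("unknown or already-used checkout token")
    return order


if __name__ == "__main__":
    # Constructed sample order; the key is a placeholder, not a real credential.
    tok = start_checkout({"merchant_key": "EXAMPLE-KEY-NOT-REAL",
                          "amount_cents": 4999})
    print(render_form(tok))  # view-source shows the token only
    print(confirm({"t": tok, "amount_cents": "1"}))  # tampered amount ignored
```

Encrypting or scrambling values that are still sent to the browser only delays a reader, since whatever the page needs to decode them is delivered along with it; values that never leave the server cannot be read or altered from the page source.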