In my html I'm using hidden value as :<input type="hidden" value="secure" name="first"> but the problem is when I see in browser console value is displaying .How to hide this?
The browser belongs to the visitor. You can't give the browser anything without giving it to the visitor as well.
If you don't want to visitor to have access to data, then never give it to the browser in the first place.
Keep the data on the server and send the browser a session token instead.
You can't. The whole point of a client/server based setup, like 'the web' is by definition, is that everything you transmit to the client can be read by any client.
If you need to secure data from the end user, keep it on the server side. There are a myriad of possible solutions for this, like sessions, cookies and preshared keys, to sync serverside storage with the client.
Related
I'm stuck having to work around an existing bad design.
Our client team will (for logging reasons apparently) have to inject a dynamic value somewhere into their request URL even for the same resource. This of course busts all client side caching as the browser sees it as a new resource.
My question: Can anything be done so the browser can recognize these dynamic urls as the same? Some magic header? Tricky use of etag? Anything?
I have a simple web server going on an Atmel embedded processor. It's a Cortex M4 and it's only running FreeRTOS as an OS; this is not a high powered processor.
I can have it [the Atmel processor] serve up a page by typing in Firefox:
192.168.0.200
This renders a page with drop down boxes and a submit button that enables me to pass data back to the server to control the hardware.
I am using the follwing kind of HTML. Please note, it looks slightly odd because it's in a C string:
"<form> \
<select name=\"group\"> \
<option value=\"10\">10</option> \
<option value=\"11\">11</option> \
<option value=\"12\">12</option> \
<option value=\"Broadcast\">255</option> \
</select> \
<input type=\"submit\" value=\"Submit\"> \
</form>"
You can see that, in its address bar, the browser then has something like:
192.168.0.200/?group=4
When the web server on the emebedded processor gets that message in, I can happily parse the line, extract a group number and act on it.
However, I have to send back another page to the browser when I get the
192.168.0.200/?group=4
message into the Atmel processor. Otherwise I get a timeout message. I can happily send the original page back again and it essentially works, but sending the page back resets the values of what the drop down boxes have changed to.
Is there a way of making the browser send a message that the server can parse, but not have to send out the full page again? I guess I'm needing to use something like a POST command, but I don't know how to do that from a web page. I should say that I am experienced in C, but have no HTML knowledge other than what I have learnt in the last few days, so it may be something easy that it completely eluding me from cramming in all this learning this week!
I don't want to/assume I can't use Javascript, because I have such a simple server I need to keep it as simple as possible.
Thanks!
Is there a way of making the browser send a message that the server can parse, but not have to send out the full page again?
Forget about the browser.
Have the server respond with a 204 No Content response instead of a 200 OK response.
If the client is a user agent, it SHOULD NOT change its document view from that which caused the request to be sent. This response is primarily intended to allow input for actions to take place without causing a change to the user agent's active document view, although any new or updated metainformation SHOULD be applied to the document currently in the user agent's active view.
I don't want to/assume I can't use Javascript, because I have such a simple server I need to keep it as simple as possible.
JavaScript runs client side. You don't need the server to do anything complicated to serve JS. You can even embed it in the HTML document.
You could use Ajax to solve your problem instead of a No Content response.
Trying to retrieve the value of a input field in a external site's webpage. They wont change the headers. So been told to use Jsonp. Never used this. Anyone have any examples or can point me in the right direction?
Outline:
External Site:
<input type="hidden" id="ImHiddenGetMe" value="Get Me If You Can">
Cannot use ajax/jquery as they wont change the headers to allow the cross domain.
For using JSONP the other server must provide an interface to it. For example: The other server must provide an URL like
http://other.com/getvalue?jsonp=callbackFunction
This URL must sent JavaScript code like
callbackFunction({ value: "Get Me If You Can" })
If the other server does not provide such an interface and do not provide the Access-Control-Allow-Origin Header necessary for Cross origin resource sharing you cannot load the other site via AJAX.
But you can always program a crawler which stores the value periodically on your server (where you can use it). Please respect the other server's robots.txt in this case.
I want to make a turn based game (Something like Checkers) with the help of Servlets and jsp pages.I created a page that has a newGame button that redircet to the gamePage(It redirect the first into a Black.jsp and the other request will be redirected to Red.jsp).
My problem is ,how could I refresh the other jsp automaticaly if one of them changed.
Note:After the change in one of the jsp it redirect the request to servlet and servlet update the changed jsp graphics.but the other jsp stay inactive.I want to make it active.
Thank You
It sounds like what you need is Comet. Here's an overview of how it works.
http://www.ibm.com/developerworks/web/library/wa-cometjava/
Basically, the "other" user's browser will send a request to a servlet to get an update, but that request won't receive receive its response until the current player makes a move. This gets around the problem posed by the fact that, with traditional HTTP, the browser always has to be the one sending the request to the server, it can't be the other way around.
There are some variations on the technique. Now that you know the name, I'm sure you'll be able to find lots of useful information about it.
There's another technology called WebSocket which can also serve this purpose, but it requires additional capability built into the browser and, as of now, probably not all of your users will be using compatible browsers.
I'm no expert on web development, and need to find a way to let the browser call a PHP routine on the server with the current document ID as parameter, eg.
http://www.acme.com/index.php?id=1
I then need to call eg. /change.php with id=1 to do something about that document.
Unless I'm mistaken, there are three ways for the client to return this information:
if passed as argument in the URL (as above), it will be available as HTTP referrer
by including it as hidden field in
by sending it as cookie
I suppose using a hidden field is the most obvious choice. Are there other ways? Which solution would you recommend? Any security issues to be aware?
Thank you.
You can also POST the data so it won't be seen in the URL with ’form method = "post" ’
All of these methods are, to a point, insecure as they can be manipulated by a savvy user/hacker. You could https your site, limiting any man in then middle attacks. Be sure to check and validate incoming data
Ajax is another option as well, and it allows you to send that information without refreshing the page.
http://www.acme.com/index.php?id=1
The above url would be more "browser friendly" if you transform it into something similar to this:
http://www.acme.com/index/page/1
I am sure you can achieve this in Apache. Or Java Servlets.