I have an HTML form:
<form id="form" action="Secret.asp" method="POST">
This form sends data from my website visitor to a database.
I want to hide it so that whoever sees my HTML will not be able to send data to my ASP file.
Or maybe there is another way to block an ASP file from anyone but the HTML file?
I suppose you could set up a default document on a virtual directory, and set the action to that. Then your user wouldn't see the page name, but the form data would still get posted.
The bigger question is... why do you want to do this? If it's a matter of security through obscurity, this is the wrong approach. Whatever page receives the form data should not trust it at all, and should sanitize anything going into a database anyway.
No.
If you want browsers to be able to send data to a URL, then you have to tell them what that URL is.
Anything you tell a browser, you tell to the user in control of that browser.
No matter what you do, anyone can see their own HTTP requests going out to your server.
If you press F12 on Chrome or Firefox you can see your incoming and outgoing traffic, so it's useless to try and do anything about it.
If you want to secure something, that's not the way to go about it.
Related
Suppose we have a login page where, in the first stage, we are asked to enter our email. We send this information to the server, which searches whether there is an account with this email, and if there is, our goal is to change the state of the page, to a page where the user is asked to enter the password for this account. If, on the other hand, there is no account with that email, the state of the page changes to one where the user signs up. And let's say that, for the sake of aesthetics, all this happens using the same url.
My question is, what is the correct way to inform the client's page to what stage to go into?
Sending the whole html code is an option, but this seems like it will put too much pressure on the server. Is there a cleaner way, that we can send less information, and still be able to have the same result?
I am new to django and web dev so please explain thoroughly.
For a browser engine submitting a form with email is a new page request and a new rendering of HTML after that. The source of new HTML code is your server with Django, so you should generate a new HTML with a relevant template and send it as a response.
Such user provoked events change a state of your application for a given user session, not a page.
For speed you can use caches for styles, for menus, for HTML snippets (headers and footers).
Also you can make a one-page application, but you must use JavaScript framework for it. Then your JavaScript code executing in client's browser can request concise JSON with necessary information instead of full HTML.
Then your JavaScript framework is responsible for a correct insert new dynamic HTML elements in the current document object model (DOM).
Think of it like a login page. You type in all the credentials and click login. But I wanna check the username and password are correct or not and they will be in my database. So i use a API to communicate. And then u click login then through JavaScript i send a request but then the browser totally changes the page. All i want is the result but the browser changes the URL. Is there a way to do it?. Currently I am letting the page redirect back, its working fine but it just looks ugly.
Sorry i didn't include any code, I thought Code isn't necessary.
It's difficult to guess without seeing the code.
Anyway, are you using fetch?
Fetch is used if a browser should not navigate to a new page. The response is processed using Javascript instead.
Take a closer look at the fetch API, I think it can solve your problem.
I have a feedback page in my website. In my website's homepage, when someone clicks on 'Feedback', it will open a modal window to ask a human verification question. If the response is correct, i want to programatically open the url to my feedback page.
My concerns is:
The feedback page should not be accessible by directly entering the url,i.e., www.mysite\feedback.html. How can i prevent this from opening my feedback page?
I'm also aware that my anti-spamming effort isnt the best option, but for now i dont need a robust mechanism.
Any solution?
Thanks.
Why don't you just put the CAPTCHA on your feedback page?
If that's not an option you need to use sessions to store the "captcha passed" flag and check for it on the contact page (also in your server-side code). After successfully submitting the form you need to clear the flag so someone cannot spam manually after completing just a single captcha.
You should be able to access the Referrer header of the request in your web platform. You can check this value to see if the referrer is from a page you accept. If not, you can return a 403 or whatever response, and if so, you can return the actual page. You will need access to a server-side framework, such as PHP or ASP.NET. Note, however, that it is easy to create HTTP requests and spoof the Referrer header.
im in the middle of creating my website and need some help with stopping people from going to a page in my website manually. Basically, i've set up a contact form and once it's filled in, it sends you to a thankyou page. I want to stop people going to that page manually by typing in the url for it. I want them to only be able to access it by filling out the form and hitting 'send'.
Firstly, is this possible, and if so, HOW?!
Thanks in advance!!
Have the page as the response to the POST and don't redirect to it.
You'll need to use a redirect in combination with some kind of persistent storage (DB, cookie, session).
Essentially on the thank you page, check that they came from the contact form, via persistent storage, otherwise redirect them.
Maybe you can check the http method. If it is post, presumably the user used the form. If it is get, presumably they typed the address themselves.
Good luck!
You can insert a special hidden hash value in your form and check for it on the page you redirect to. It's not foolproof though.
How can i disable browser from going back to a particular page? My scenario is
Login page -> change password page ->user returns to login page again-> (on browser back should not go back to change password page) but currently it goes to the change password page. I am currently working on a grails application. How can i solve this issue?
You can't stop users from going back if they want to, because a browser can do whatever it feels like.
But if you only want to prevent users from going back accidentally, then just make the "change password" page only appear in response to an HTTP POST (not just a URL link, which is an HTTP GET request). Most browsers will give a warning about re-submitting the form if the previous page was the result of a POST request.
Use javascript's location.replace() function:
http://www.roseindia.net/javascript/javascript-location-replace.shtml