I've struggled with this for days... I am pulling a userID and password (plain text) from a table and storing it in hidden fields on a page. A link on the page send the form data (POST) to a form handler on another server (WebSphere). The two fields must be plain text when sent.
The problem is that the form fields on my side expose the password if someone views the source.
Is there a way to mask the password but still send it as plain text through the form post??
CODE:
<form action='http://somewhere.somplace.com:8888/xdesk/loggedon.do' method='post' name='loginform'>
<input type=\"hidden\" name=\"loginName\" value=\"$exprow[26]\">
<input type=\"password\" name=\"password\" value=\"$exprow[27]\" style='visibility:hidden; z-index:10; position:absolute; left:-5000;'>
<input type=\"submit\" value=\"Review/Add Support Calls\" id='invbutton'>
Viewed Source:
<form action='http://somewhere.somplace.com:8888/xdesk/loggedon.do' method='post' name='loginform'>
<input type="hidden" name="loginName" value="express">
<input type="password" name="password" value="express" style='visibility:hidden; z-index:10; position:absolute; left:-5000;'>
<input type="submit" value="Review/Add Support Calls" id='invbutton'><br>
As can be seen the "value=express" shows the password to anyone that cares to look... That combined with the action line in the form (fake one used here) will let everyone know how to get in.
I just need to hide the password value... any help would be appreciated. I am willing to use JavaScript is necessary but was hoping there might be apure PHP way to do it. Passing the info trough another page is OK too as long as the user does not have to click another link or anything.
Thanks in advance
Larry
