
I have a login form whose submit button calls a JavaScript function when clicked.

```html
<form class="fvalidate" action="/giris" method="post">
    <span class="title">E-Mail<strong class="false"></strong></span>
    <input type="text" name="Email" class="email required" />
    <span class="title">Password</span>
    <input type="password" name="Password" class="required" />
    <input type="submit" value="LOG IN" class="mTop15" onclick="return myClickHandler();"/>
</form>

<script type="text/javascript">
    var myClickHandler = function () {
        // Select the form itself (form.fvalidate), not a descendant of a form
        var $form = $('form.fvalidate');
        var $login = $form.find('input:text').first().val();
        var $password = $form.find('input:password').first().val();
        // Hard-coded credentials: readable by anyone who views the page source (F12)
        if ($('input[name="Email"]').val() == "admin@company.com"
         && $('input[name="Password"]').val() == "123456") {
            ibFunc.openBoxOpen('/giris/ilan');
            return false;
        }
        return true;
    };
</script>
```

If someone presses F12 in any browser, he can display the email and the password. What's the way to prevent this, at least for the password?

Jude
  • The best solution is to have the authentication be performed on the server, not the client. – Rowan Freeman Dec 15 '13 at 22:39
  • I need to check them before posted to server. You mean no way at all? – Jude Dec 15 '13 at 22:49
  • Get the SHA hash of your password and use this library: http://sourceforge.net/projects/jssha/. But @Rowan Freeman is right, the safer way is a server side validation. – user3041160 Dec 15 '13 at 22:50
  • @Jude It can be done but not in a way that is best practice. It can be done with hashing as suggested by user3041160, but it's probably a bit of a dangerous solution. – Rowan Freeman Dec 15 '13 at 22:56
  • OK, thanks for thoughts. Similar post [here](http://stackoverflow.com/questions/4121629/password-encryption-at-client-side) – Jude Dec 15 '13 at 23:06
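
The server-side check recommended in the comments, as an added example that is not part of the original post. It assumes a Node.js backend receiving the form's POST to `/giris`; the function names and the in-memory user store are hypothetical, and the account is the sample one from the question.

```javascript
// Added example: credential check performed on the server, so no secret
// ever appears in the page source or in the browser's developer tools.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Derive a salted scrypt hash; only salt + hash are stored, never the password.
function hashPassword(password, salt = randomBytes(16)) {
  const hash = scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Constructed user store standing in for a database table (assumption).
const users = new Map([
  ['admin@company.com', hashPassword('123456')], // sample account from the question
]);

// Dummy record so an unknown e-mail costs the same work as a known one.
const dummy = hashPassword(randomBytes(16).toString('hex'));

// Verify the urlencoded body the browser POSTs to /giris (fields: Email, Password).
function verifyLogin(rawBody) {
  const form = new URLSearchParams(rawBody);
  const email = (form.get('Email') || '').trim().toLowerCase();
  const password = form.get('Password') || '';
  const record = users.get(email) || dummy;
  const candidate = scryptSync(password, Buffer.from(record.salt, 'hex'), 32);
  // Constant-time comparison of the derived hash against the stored hash.
  const match = timingSafeEqual(candidate, Buffer.from(record.hash, 'hex'));
  return match && users.has(email);
}

// The browser learns only success or failure and where to go next.
function loginResponse(rawBody) {
  return verifyLogin(rawBody)
    ? { status: 200, body: { ok: true, next: '/giris/ilan' } }
    : { status: 401, body: { ok: false } };
}
```

The click handler then only submits the form and acts on the response; the comparison against stored credentials never runs in the browser.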
