Someone asked me to make him a dashboard where he can see all the links to manage his websites. He also wants to autologin to the website that he clicked.
To do this I'm trying to make a form for each url and send the username and password values with it. I echo them as variables but (ofcourse) they're still visible in the input types in the "inspect element" window.
How can I make this dissapear? Because it's not safe this way..
(side question: Is there also a way to add a target=_blank to this javascript?
<a href="" onclick="document.forms[0].submit(); return false;"></a> )
Someone asked me to make him a dashboard where he can see all the links to manage his websites. He also wants to autologin to the website that he clicked.
To do this I'm trying to make a form for each url and send the username and password values with it. I echo them as variables but (ofcourse) they're still visible in the input types in the "inspect element" window.
How can I make this dissapear? Because it's not safe this way..
(side question: Is there also a way to add a target=_blank to this javascript?
<a href="" onclick="document.forms[0].submit(); return false;"></a> )
F12 and menu -> developer tools. how are you going to disable that?
– Kevin
Commented
Mar 3, 2015 at 9:24
It is not possible to hide elements from the DOM inspector, that would defeat the purpose of having that tool.
Disabling javascript is all it would take to bypass right click protection.
What you should do is implement a proper autologin.
Most importantly, do not echo the users password in plain text to a page.
If you want to get about as fancy as possible you could serve up the data obsfuricated in some manner and de-obsfuricate it and run eval on it at the last minute.
Although this would mean that the data is still visible pletely in a javascript debugger.
UNLESS you want to get fancy !!
If you REALLY want to get fancy then it is possible to obtain ROP Chain code execution in webkit based browsers, you COULD use this to gain native code execution capacity, once you have that then you can have your app download the required variables and inject them into something that cannot be debugged via the JS debugger built into most modern browsers ( or alternatively just disable the debugger)
Of-course you could always just implement in the server, its significantly less effort than locking a user out of their own browser.
You Cannot. Debuggers are designed for debugging HTML and Javascript.
But you can try disabling Right click.
Check this link
http://developersdigest.blogspot.in/2013/10/disable-inspect-elementsource-viewing.html
Another way is that you can use sessions to store user variable so it can be accessed only on server side.