I have a web application designed to work on an internal network.
When a user logs in (using standard POST, asp.net, HTTPS), I need to save the username and password, and then use it in javascript on one specific page. (for access and management of ActiveX)
The obvious problem is that when you go to “view the source” on this page, you can see the username and password. I do not think there is a way to avoid this.
My question is: as soon as the user logs out ... IE7 or IE8 store this whole page? If so, how would I view it? (to check if this username and password are easy)
If the content of the entire page is not cached / stored in history .... then using javascript username / pw is not so great for security, since the user must already be registered in order to receive data. I'm right?
Thanks in advance for your thoughts / comments!
Andrew
development:
I have to create an ActiveX object, ... then connect to it in javascript ... I store passwords in the session ... but I need to put them in javascript to connect to the control: i.e.
myactivexcontrol.credentials.username = "username";
myactivexcontrol.credentials.password = "password";
myactivexcontrol.connect();
The username and password are the same as the web application login ...
source
share