-1

I have a simple Pan card no : xxxxxxx7654 , which i am showing using jsp in the browser. Now , if i use the view source functionality of the browser or the firebug tool or chrome bug tool, then i will be able to see the text in the DOM. Now, I want to get the text displayed in browser, but want to hide it from prying eyes of people who will be using fire bug, chrome bug or View Source of a browser .

The field name is PAN_CARD_NO.

I display it using : <p id ='My_Pan'>My Pan is :<%= PAN_CARD_NO %></p>

Now this brings the value in the browser, which is nice and dandy, but i don't want it to be shown using fire bug or chrome bug or view source.

Does any body have any suggestions as to how it can be done ?

The Dark Knight
  • 5,455
  • 11
  • 54
  • 95
  • 1
    Best you could do is encrypt the value. but it looks like you want to show the value to the user, so I don't see the point in hiding it in the page source. – Jason P Aug 06 '13 at 14:24
  • 1
    Can't be done, once it's in the DOM it will be visible, best you can do is somwhow obfuscate it, use SSL etc. – adeneo Aug 06 '13 at 14:24
  • @People_Who_Downvoted_It : I don't see why you guys randomly down vote a question, without having the decency of explaining the reason of having done that. I think it's a pretty important question. Read the stack rules. – The Dark Knight Aug 06 '13 at 14:27
  • @adeneo : Can give me a few pointers as to how i can obfuscate it using SSL. Some examples perhaps... – The Dark Knight Aug 06 '13 at 14:28
  • @TheDarkKnight It might help if you could explain **why** you want to do this. – Jason P Aug 06 '13 at 14:29
  • @JasonP : Well it's necessary for security reasons. especially to avoid cross site problems, or random data phishing . – The Dark Knight Aug 06 '13 at 14:30
  • I think you were downvoted because this is a higly basic question for which you find answer in 5 seconds using google ... Btw as several people said you can't hide text from debugging tools once it is displayed, so to "hide" it you may avoid sending it as text, for example you can generate an image ... – yent Aug 06 '13 at 14:30
  • @yent : Thanks, your suggestion makes sense. Is there any thread where it has been discussed in detail. Will be of great help to me, if it is .. – The Dark Knight Aug 06 '13 at 14:32
  • @TheDarkKnight the simple fact is that if you intend to include it on the page so that it's visible, as in your sample display code, you absolutely cannot protect it from view via browser tools. – Pointy Aug 06 '13 at 14:33
  • Maybe, depending on what server side language you use, try to look for inline images as it will reduce the amount of work thats needed (no separate endpoint with session data handling ...) – yent Aug 06 '13 at 14:34
  • @yent : I am using Java. – The Dark Knight Aug 06 '13 at 14:35
  • @TheDarkKnight I know almost nothing about java, generating images using java is a separate question, google will help you ... – yent Aug 06 '13 at 14:37

1 Answers1

0

The source of the page is what is delivered to the browser to be rendered. Because of that, anything that you want to present to the end user in the browser will be visible in some way in the source code. There are no work-arounds here. If it is displayed in the browser, the end user has access to it in one way or another.

If your goal is to not show the whole PAN card number, that should be done on the server side, before it's delivered to the browser. In this case, you make sure that the PAN_CARD_NO variable only contains something like xxxxxxx7654. With this method, full PAN card number is never delivered to the end user.

If your goal is to prevent unauthorized users from viewing the PAN card number, then you need to make sure that you only deliver the card number for the authenticated user. This will require you to have the user authenticate themselves to the server in some way (e.g. logging in).

Carson Darling
  • 310
  • 1
  • 9