0

how to do not trigger onChange event of textbox

asked 2020-10-09 22:13:02 +0800

vvcore gravatar image vvcore
3 1

updated 2020-10-10 10:40:05 +0800

By using Fiddler which can sniffer packet, while i enter text in the password textbox , I find the onChange event of textbox always is triggered。 Are there any solutions to avoid triggering the event? By using Fiddler, I get the following data: Name Value cmd0 onChange uuid0 nE3QK data_0 {"value":"111","start":"2"} And I do not want software like Wireshark or Fiddler can get the plaintext. So how can I avoid triggering the onChange event?

delete flag offensive retag edit

1 Answer

Sort by » oldest newest most voted
0

answered 2020-10-13 10:07:10 +0800

MDuchemin gravatar image MDuchemin
1758 1 5
ZK Team

Hi vvcore,

You would see the same payload information sent to the server if you were looking at the request generated by a pure html form using GET or POST method to send data to the server. This is a common privacy problem, but not a specifically ZK one :)

The question of privacy between client and server is generally solved by SSL (https). If the browser and the server communicate over a secure connection, the whole payload including headers is encrypted and cannot be read by a sniffer, a man-in-the-middle-attack, etc.

This is the basis for webpage security, and is the best solution to prevent 3rd parties from looking into your data payload.

Regarding the "Can I prevent onChange" from happening question: The answer is "probably not". The onChange event is how the client communicates to the server. At some point, you will need to send the password field value from the client to the server. You could do some prehashing, or pre-process the password in a number of ways before sending, but that would just move the issue back one step without encryption, since the attacker would still be able to just read the header value from the request.

tl;dr: try setting up your server to serve your page over https (with ssl), and you should not be able to use the packet sniffer to read the content of the transactions anymore

link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow
2 followers

RSS

Stats

Asked: 2020-10-09 22:13:02 +0800

Seen: 4 times

Last updated: Oct 13

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More