You realize that "hidden" fields are not hidden, right? You just have to
view the source of the page in which they are embedded and you now know the
username and password, and that with every round-trip to the server, this
information is sent in plain-text (unless you are using SSL)? I would read
Hi all,
I have a login screen login.pl which calls another application
sampleEntry.pl. The login and password are passed to a multipage Sample
Entry program as CGI parameters
sampleEntry.pl?login=mylogin&password=mypassword.
These two parameters are used in one of the pages to login to
