Best way to hide a form input field from being accessed using firebug?

星月不相逢 2020-12-21 12:01

I have a form which is posted to an external API. There is a parameter called customer_token which is passed as an input field. It is used for authentication by the API and

2 answers
  • 2020-12-21 12:01

    This is not possible. Firebug just reads the DOM in its actual state, so even if it's added in a later stage, it can still be retrieved.

    This way of security is called Security through obscurity and is a kind of non-security. You would have to solve it another way, like letting the server do the request instead.

    You let the user submit the form to the server. Then with curl, you make the call to the webservice with the correct user code.

    0 Discussion (0)
  • 2020-12-21 12:26

    I don't think this is possible, I'm afraid.

    Firebug will still see the element if it's inserted via JavaScript, as it watches the DOM tree. If this input exposes a security vulnerability then it's the job of your server-side code to validate/fix it.

    More details on the API might help somebody answer this question in more detail.

    I hope this helps

    0 Discussion (0)
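The server-side approach suggested in the first answer, as an added example that is not part of the original thread: the browser posts to your own server, which drops anything the client sent as `customer_token` and attaches the real token before calling the API. The endpoint URL, the field allowlist, the `CUSTOMER_TOKEN` environment variable and the function names are assumptions made for illustration.

```python
import os
import urllib.parse
import urllib.request

# Assumptions for this sketch: only the customer_token parameter name comes
# from the question; the endpoint and field names are placeholders.
API_URL = "https://api.example.invalid/v1/orders"
ALLOWED_FIELDS = {"name", "email", "quantity"}  # fields the browser may supply


def build_upstream_request(form_fields, customer_token):
    """Build the server-to-API POST from a browser form submission.

    The browser never receives customer_token: anything it sends under that
    name (or any other field not on the allowlist) is dropped, and the real
    token is attached here, on the server.
    """
    if not customer_token:
        raise ValueError("customer_token is not configured on the server")
    forwarded = {k: v for k, v in form_fields.items() if k in ALLOWED_FIELDS}
    forwarded["customer_token"] = customer_token
    body = urllib.parse.urlencode(forwarded).encode("ascii")
    return urllib.request.Request(
        API_URL,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def forward(form_fields):
    """Send the request; the token is read from the server's environment."""
    token = os.environ.get("CUSTOMER_TOKEN", "")
    req = build_upstream_request(form_fields, token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Constructed sample submission, including a forged token from the client.
    sample = {"name": "Alice", "quantity": "2", "customer_token": "forged"}
    req = build_upstream_request(sample, "server-side-secret")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

The page served to the browser then contains no token field at all, so there is nothing for a DOM inspector to read.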