We are a lead generating company and have developed one application where our customers can manage their leads and users.Our Customers are other companies who uses our web application to manager their leads.
Now our customers want to use some data from our web application and get it displayed on their own Website So we have developed one small utility where adding some lines of code they are able to display their own data on their own website from our Web Application.
Now my question is when somebody do a view source of the application page then they can see the user credentials and anyone can copy paste that code and run it in the browser and can see the data.
We are trying to do same thing as AdSense the only difference is AdSense displays any ads here we will be displaying data of only our Customer.
How to stop this issue ?
If the end user can see the login info via view source then it sounds like you are either doing an ajax call in the browser or using inline frames.
Short answer: You can’t salvage that.
The right way to do this is to have your clients web server issue the call to your web server to pull the data it needs, then format it and present it to the browser.
This way the login info is only shared from server to server without the end client browser knowing where it ultimately came from.
Regarding AdSense’s mechanism: they really don’t care that the data can be accessed individually by anyone. Check that: they like the idea of that data being accessed by anyone. It’s not only not secure info, they have a desire for it to be publicly available. With that in mind, their solution isn’t one you should be pursuing.