
Hiding Query string.

Hi All,

I have had a question in my mind for the last couple of days regarding passing data through the URL and accessing it in the page. I want to pass the data as a query string and also access it in the page, but I don't want the end user to see the query string in the URL, because this increases the vulnerability of the application by allowing the end user to play with the query string and view unwanted data. Basically, I wish to hide my query string. If anybody has any idea or suggestion on this, then please come forward with your suggestion.

Thanks and regards

Dipak

dipakatcvrca
Newbie Poster
23 posts since Jul 2010
Reputation Points: 10
Solved Threads: 2
 

You can't hide a query string. That's not how it's designed. You can however

- encrypt query strings
- use method=post instead of method=get, so variables are not sent through the query string
- or store variables in the session scope instead

.. But obfuscation isn't a substitute for good app security.

arrgh
Posting Whiz
381 posts since Dec 2008
Reputation Points: 32
Solved Threads: 47
 



Hi arrgh,

You might be right, but I am more concerned about clicking any link and moving to some page with data as a URL variable. It's a good idea to make use of the post method type in place of get. But that is not the solution I am looking for. Anyway, thanks for your trial. I am still waiting for some more suggestions, if somebody thinks that this is possible in any way, either by server-side coding or by JavaScript coding. Any suggestion is most welcome.

Thanks

Dipak

dipakatcvrca
Newbie Poster
23 posts since Jul 2010
Reputation Points: 10
Solved Threads: 2
 

Even with a link, you can't hide url variables. They're visible by design and you can't change that. The best you can do is encode them or hash them into a "tiny url". But you're still passing the values. But like I said, obfuscation is a poor substitute for real security. If there's information people shouldn't see, it should be protected by a login and validated on each page.

arrgh
Posting Whiz
381 posts since Dec 2008
Reputation Points: 32
Solved Threads: 47
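
The advice above (protect the data with a login and validate on each page, rather than hide the URL), shown as an added example that is not part of the thread. It is framework-neutral Python; the names `INVOICE_OWNER`, `SERVER_KEY`, `sign_query`, `verify_query` and `handle_request`, the `invoice_id` parameter and the sample data are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed sample data: which logged-in user owns which record.
INVOICE_OWNER = {"1001": "alice", "1002": "bob"}
# Constructed demo key; a real key lives in server configuration, not in source.
SERVER_KEY = b"constructed-demo-key"


def _tag(user, body):
    """HMAC over the session user and the canonical parameter string."""
    return hmac.new(SERVER_KEY, f"{user}&{body}".encode(), hashlib.sha256).hexdigest()


def sign_query(params, user):
    """Build the query string for a link, with a tag bound to the session user."""
    body = urlencode(sorted(params.items()))
    return f"{body}&sig={_tag(user, body)}"


def verify_query(query, user):
    """Return the parameters if the tag matches, else None (edited or borrowed link)."""
    parsed = parse_qs(query, keep_blank_values=True)
    sig = parsed.pop("sig", [""])[0]
    params = {k: v[0] for k, v in parsed.items()}
    expected = _tag(user, urlencode(sorted(params.items())))
    ok = hmac.compare_digest(sig.encode(), expected.encode())
    return params if ok else None


def handle_request(query, session):
    """Return an HTTP-style status code for a request to view an invoice."""
    user = session.get("user")
    if user is None:
        return 401  # not logged in
    params = verify_query(query, user)
    if params is None:
        return 400  # query string changed after the server issued it
    # The ownership check is what protects the data. It runs on every request
    # and works whether or not the user can see or edit the URL.
    if INVOICE_OWNER.get(params.get("invoice_id")) != user:
        return 403
    return 200
```

The signature only detects edits to a link the server issued; the ownership check still decides access, which is why a correctly signed link to someone else's record returns 403.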
 

Hi arrgh,

I guess you are right. Thanks for all your interest in the post. But if anybody comes with any idea, then he/she is most welcome. So let the post remain as unsolved.

Thanks

Dipak

dipakatcvrca
Newbie Poster
23 posts since Jul 2010
Reputation Points: 10
Solved Threads: 2
 

Ok. You might want to read up on the http specs, so you'll understand why it's not possible. Best of luck.

arrgh
Posting Whiz
381 posts since Dec 2008
Reputation Points: 32
Solved Threads: 47
 


Finally I got to know how we can hide url variables while traveling from page to page clicking on links. If we are making use of frames in our web page, then it is not going to display the url variable in the address bar. It will only show the page url containing the frame set.
Ex.

<frameset rows="33,*" frameborder="NO" border="0" framespacing="0">
	<frame src="/test/basics/common/mainMenu.cfm" name="adminNav" frameborder="yes" style="border: 1px solid blue; margin: 2px;" scrolling="NO" noresize >
	<frame src="#cookie.thisPageLink#" name="mainFrame" frameborder="no" scrolling="auto">
</frameset>


Note. cookie.thisPageLink contains the default page for the frame.

Hopefully this will work for web developers.

dipakatcvrca
Newbie Poster
23 posts since Jul 2010
Reputation Points: 10
Solved Threads: 2
 

You're not hiding the url variables. They'll still be just as visible in the browser history and as easy to tamper with.

Ugh... frames.
http://stackoverflow.com/questions/1203068/why-should-i-not-use-html-frames

arrgh
Posting Whiz
381 posts since Dec 2008
Reputation Points: 32
Solved Threads: 47
 

dipakatcvrca, as arrgh said, frames aren't the right solution. It's like making your site more vulnerable and going back in time. "Hope fully this will work for web developers": this ain't true.

@developer
Junior Poster in Training
70 posts since Nov 2010
Reputation Points: 13
Solved Threads: 10
 

This question has already been solved
