0

Hi All,

I had a question in my mind from last couple of days regarding passing data through url, and accessing the same in the page. I want to pass the data as query string, and also access the same in the page, but I don't want the end user to see the query string in the url, as because this increases vulnerability of the application by allowing the end user to play with the query string and view unwanted data. Basically I wish to hide my query string. If any body has any idea/suggestion on this, then please come forward with your suggestion.

Thanks and regards

Dipak

Edited by dipakatcvrca: n/a

3
Contributors
8
Replies
11
Views
6 Years
Discussion Span
Last Post by @developer
0

You can't hide a query string. That's not how it's designed. You can however

- encrypt query strings
- use method=post instead of method=get, so variables are not sent through the query string
- or store variables in the session scope instead

.. But obfuscation isn't a substitute for good app security.

0

You can't hide a query string. That's not how it's designed. You can however

- encrypt query strings
- use method=post instead of method=get, so variables are not sent through the query string
- or store variables in the session scope instead

.. But obfuscation isn't a substitute for good app security.

Hi arrgh,

You might be right, but I am more concerned about clicking any link and moving to some page with data as url variable. Its a good idea to make use of post method type in place of get. But that is not a solution which I am looking for. Any way thanks for your trial. I am still waiting for some more suggestions, if somebody think that this is possible in any way, either by server side coding or by Javascript coding. Any suggestion is most welcome.

Thanks

Dipak

0

Even with a link, you can't hide url variables. They're visible by design and you can't change that. The best you can do is encode them or hash them into a "tiny url". But you're still passing the values. But like I said, obfuscation is a poor substitute for real security. If there's information people shouldn't see, it should be protected by a login and validated on each page.

Edited by arrgh: n/a

0

Even with a link, you can't hide url variables. They're visible by design and you can't change that. The best you can do is encode them or hash them into a "tiny url". But you're still passing the values. But like I said, obfuscation is a poor substitute for real security. If there's information people shouldn't see, it should be protected by a login and validated on each page.

Hi arrgh,

I guess you are right. Thanks for all your interest in the post. But if any body come with any idea then he/she is most welcome. So let the post remain as unsolved.

Thanks

Dipak

0

Ok. You might want to read up on the http specs, so you'll understand why it's not possible. Best of luck.

0

Ok. You might want to read up on the http specs, so you'll understand why it's not possible. Best of luck.

Finally I got to know how we can hide url variables while traveling from page to page clicking on links. If we are making use of frames in our web page, then it is not going to display the url variable in the address bar. It will only show the page url containing the frame set.
Ex.

<frameset rows="33,*" frameborder="NO" border="0" framespacing="0">
	<frame src="/test/basics/common/mainMenu.cfm" name="adminNav" frameborder="yes" style="border: 1px solid blue; margin: 2px;" scrolling="NO" noresize >
	<frame src="#cookie.thisPageLink#" name="mainFrame" frameborder="no" scrolling="auto">
</frameset>

Note. cookie.thisPageLink contains the default page for the frame.

Hope fully this will work for web developers.

0

dipakatcvrca, as arrgh said frames aren't the right solution. Its like making your site more vulnerable and going back in time. "Hope fully this will work for web developers" this ain't true.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.