
RE: [cgiapp] Hiding Params in url


To save this state information, I use CGI and CGI::Session. All of the
params are stored inside the session object, but what gets passed in the URL
is a random 32-digit session ID rather than the nv pairs.

perldoc CGI

http://search.cpan.org/author/SHERZODR/CGI-Session-3.94/Session.pm

HTH,

-----
Scot Robnett
inSite Internet Solutions
suppressed


-----Original Message-----
From: Steve Comrie [mailto:suppressed
Sent: Thursday, July 10, 2003 1:50 PM
To: suppressed
Subject: Re: [cgiapp] Hiding Params in url


You could use forms on all of your pages instead of calling URLs with
parameters in them. I'd assume you might be doing something like having a
user click a link to edit an item and the link looks something like:
webapp.cgi?rm=edit&itemid=23&something=else&another=thing or something to
that effect?

Using a bit of JavaScript on your pages you could utilize something like:

<form method='post' action='webapp.cgi' name='mainform'>
<input type='hidden' name='rm'>
<input type='hidden' name='itemid'>
<input type='hidden' name='something' value='else'>
<input type='hidden' name='another' value='thing'>
</form>

And each link, instead of pointing to a url could look something like:

href="javascript: document.mainform.rm.value='edit';
document.mainform.itemid.value='23'; document.mainform.submit();"

Although that's pretty long, you could write a reusable JavaScript
function that could set the rm, the itemid value and submit the form all at
once.

It's important to make sure you use the 'POST' method though, as opposed to
the 'GET' in your form.

However, this doesn't completely hide the parameters (they'll still exist
inside hidden input fields within the document).

You might have to look at trying to store some information in session files,
or temporary scratch files.

Just my 2 cents.

> I have an application that passes params around in the url.  We need to
> hide these for security reasons.  We also don't want to have to change a
> lot of code.  Any ideas?
> Thanks,
>  Ryan
>
>
>
> ---------------------------------------------------------------------
> Web Archive:  http://www.mail-archive.com/suppressed/
>               http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
> To unsubscribe, e-mail: suppressed
> For additional commands, e-mail: suppressed
>
>



This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.
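
An added illustration of the CGI::Session approach described in the reply above, not code posted by anyone in the thread: the parameters are validated once, kept in the session store, and later run modes read them from the session instead of the request. The session directory, the `select` run mode, the `itemid` pattern and the use of a cookie (rather than a URL parameter) to carry the ID are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;

# Assumption: illustrative private directory for the session files.
my $dir = '/tmp/webapp_sessions';
unless (-d $dir) { mkdir($dir, 0700) or die "cannot create $dir: $!" }

my $cgi = CGI->new;

# CGI::Session reads the ID from a CGISESSID cookie or request parameter.
# An ID with no stored session behind it is not adopted: a new session with
# a freshly generated ID is created instead.
my $session = CGI::Session->new('driver:File', $cgi, { Directory => $dir })
    or die "cannot open session";
$session->expire('+30m');    # drop idle sessions

my $rm = $cgi->param('rm') || 'list';
my $body;

if ($rm eq 'select') {
    # Sent once (ideally by POST), validated, then kept server-side.
    my $itemid = $cgi->param('itemid');
    if (defined $itemid && $itemid =~ /\A[0-9]{1,9}\z/) {
        $session->param('itemid',    $itemid);
        $session->param('something', 'else');
        $session->param('another',   'thing');
        $body = "item stored; continue at webapp.cgi?rm=edit\n";
    } else {
        $body = "invalid itemid\n";
    }
} elsif ($rm eq 'edit') {
    # Nothing about the item comes from the request here, only from the session.
    my $itemid = $session->param('itemid');
    $body = defined $itemid ? "editing item $itemid\n" : "no item selected\n";
} else {
    $body = "run modes: select, edit\n";
}

# Carry the ID in a cookie so it stays out of URLs, logs and Referer headers.
my $cookie = $cgi->cookie(-name => 'CGISESSID', -value => $session->id,
                          -httponly => 1);
print $cgi->header(-type => 'text/plain', -cookie => $cookie);
print $body;
$session->flush;    # write the session file now
```

Moving the values into the session only removes them from the URL and page source; the `edit` run mode still has to check that the current user is allowed to act on the stored item.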