Hide var in URL

[GUJUm0deL]

I have a URL that looks something like:
www.mysite.com/somepage.cfm?somevar=1

Anyway I can hide the bold part of the above URL in the browser so the user can't intentionally muck with the var and cause some error?

I have all possible scenarios thought up of and all work, but just curious if I can just hide that portion of the URL but still make sure the var is being passed in the URL.

Thanks.

[sub]
____________________________________
Just Imagine.

http://www.imajinarts.com

[sub]

 

[ecobb]

You can use frames.



Hope This Helps!

ECAR
ECAR Technologies, LLC

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

 

[webron]

You could use the encrypt and decrypt functions

<cfset seed = "1234567890">
somepage.cfm?somevar=#urlencodedformat(encrypt(78, seed))#

#decrypt(urlDecode(url.somevar), seed)#

 

[ecobb]

That would keep someone from tampering with it, but it still shows the url string.



Hope This Helps!

ECAR
ECAR Technologies, LLC

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

 

[GUJUm0deL]

Thanks for the tips guys, but I don't want to use frames, I am against frames of all sorts (well, maybe iFrames I can make an exception)

Yeah ECAR is right, I would like to hide that portion of the URL. I thought about opening a new window and not showing the URL and toolbar et al, but the boss-man does not want that.

The hiding of the URL is not a requirement, its someting I would like. If there is a way, great...if not, then oh well...

Thanks...

[sub]
____________________________________
Just Imagine.

http://www.imajinarts.com

[sub]

 

[neofactor]

Your options are limited...

1) Outer-frame for whole site. (That brands the whole area within a single frame window)

2) Use POST instead of GET (Unless you need the direct link)

3) Have page accept the URL string, but then store it as a cookie or session variable.. then redirect the user to the somepage.cfm where yourefer to those variables.

4) I like the encrypt option... even though it still is visable.

I guess you need to ask your self why are you hidding it?

Astetics seems to be getting in the way of option 4 for you, but that is the best solution to keep those users from messing with it.

 

[GUJUm0deL]

Hi neofactor, the only reason I wanted to hide it was in case some user decides to delete the 'somevar=1' portion or if they change 'somevar=1' to another number and try to submit.

I already thought up of all known ways someone can muck with the URL string. I even have a default value set if the 'somevar' value is missing or has some wierd value assigned to it. But I guess i'd sleep better knowing if I can hide that in the URL. Guess those are my only options, oh well.

Thanks.

[sub]
____________________________________
Just Imagine.

http://www.imajinarts.com

[sub]

 

[TruthInSatire]

if the browser can see it, so can the user, somehow, someway, you can't get around that.

opening a new window with no address bar is a no go. ctrl + n will open the current page in a new window with a full address bar and browser menu.

you can always view source in a frame to get the links.

Cookies are just txt files, but is probably the trickier of the 4 options.

you may want to try to look for the reffering page. if the user simply changes the somevar=x to somevar=y there will NOT be a reffering page, you can send them to a "shame on you" page. There may be sometimes when you don't get a reffering page when you should, but its a [somewhat] reasonable solution.

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true.

 

[coldfused]

Ben Forte wrote in his book way around this, I read it a while back. I will have to look it up when I get in and see what it says. I'll post later.

----------------------------------------
Florida Web Design
Orlando Web Hosting
Florida Coldfusion Hosting