Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Hiding my url information in a address bar
- Thread starter lcky
- Start date
DotNetGnat
Programmer
use POST instead of GET as suggested by tsuji...below is the example...
-DNG
Code:
<form name="myform" method="get" action="test.asp">
<input type="text" name="textfield">
<input type="submit" name="Submit" value="Submit">
</form>
after submitting this form the url would appear like:
[URL unfurl="true"]http://some_domain_name.com/test.asp?textfield=SOMEVALUE&Submit=Submit[/URL]
You would then use the Request.QueryString("textfield") method to retrieve the value.
Code:
The POST form method will post to the page and values are not apparent in the URL, Example:
<form name="myform" method="post" action="test.asp">
<input type="text" name="textfield">
<input type="submit" name="Submit" value="Submit">
</form>
after submitting this form the url would appear without the
querystrings:
[URL unfurl="true"]http://some_domain_name.com/test.asp[/URL]
You would then use the Request.Form("textfield") method to retrieve the value.A few ways...
1. Use Server.Execute / Server.Transfer in the default page for your site to run specific pages on the server, but always through the one visible page to the user - you can complexifyTM this even further by POSTing everything rather than GETing.
2. Use AJAX Client side to call server side scripts from the default website page and pass parameters that will instruct your server side ASP page to call other pages.. a fancy way to do option 1. Or call the page directly, but in that case you don't really obfuscate the page names as you need to specify them in the AJAX call.
(dare I even suggest this one ?? ok..)
3. Frames.... hideous, hideous frames. But it will kind of do what you ask (it really only masks it, as the page name is needed to load the sub frames)
(sorry to all the regulars.. I had to throw this nonsensical one in just for fun;-))
Option 1 will truly obfuscate server side file names from the process, and is the most 'secure' in that sense...
Option 2 could be obfuscated in a similar way to option 1
Option 3 doesn't really hide them from the client, it just hides them from the user at first glance (e.g. the address bar).. they can easily find out the real url.
If this is for security purposes, I wouldn't bother - there are more pressing matters you should be thinking of, especially if you don't know how to do the above (no offense, but if you need to ask this question, there are gaps in your knowledge of security that a hacker will take advantage of).
Even if you use POST instead of GET, a user can still see whatever you send back to the server - even hidden fields, in case that is what you're worried about.
If it is an aesthetic thing, consider how people will bookmark pages on your site, and think about if this is worth all the hassle just to remove a string of characters stored out of the normal field of vision that appears on most sites on the web...
Have a think, you may be creating more work for yourself unnecessarily..
A smile is worth a thousand kind words. So smile, it's easy!
1. Use Server.Execute / Server.Transfer in the default page for your site to run specific pages on the server, but always through the one visible page to the user - you can complexifyTM this even further by POSTing everything rather than GETing.
2. Use AJAX Client side to call server side scripts from the default website page and pass parameters that will instruct your server side ASP page to call other pages.. a fancy way to do option 1. Or call the page directly, but in that case you don't really obfuscate the page names as you need to specify them in the AJAX call.
(dare I even suggest this one ?? ok..)
3. Frames.... hideous, hideous frames. But it will kind of do what you ask (it really only masks it, as the page name is needed to load the sub frames)
(sorry to all the regulars.. I had to throw this nonsensical one in just for fun;-))
Option 1 will truly obfuscate server side file names from the process, and is the most 'secure' in that sense...
Option 2 could be obfuscated in a similar way to option 1
Option 3 doesn't really hide them from the client, it just hides them from the user at first glance (e.g. the address bar).. they can easily find out the real url.
If this is for security purposes, I wouldn't bother - there are more pressing matters you should be thinking of, especially if you don't know how to do the above (no offense, but if you need to ask this question, there are gaps in your knowledge of security that a hacker will take advantage of).
Even if you use POST instead of GET, a user can still see whatever you send back to the server - even hidden fields, in case that is what you're worried about.
If it is an aesthetic thing, consider how people will bookmark pages on your site, and think about if this is worth all the hassle just to remove a string of characters stored out of the normal field of vision that appears on most sites on the web...
Have a think, you may be creating more work for yourself unnecessarily..
A smile is worth a thousand kind words. So smile, it's easy!
- Status
Similar threads
- Locked
- Question
- Locked
- Question