Use a hidden frame that contains a form. Store your "hidden" parameters
there so that the person cannot easily see them.
This is still NOT totally secure.
Another option could be to use sessions and store the "hidden" parameters
for this session inside your servlet runner so that they are never passed
back to the client. Only the session id is passed back to the client.
This is better if you're willing to deal with session management in your
servlets. The archives of this list are packed with discussions about
session management and the like.
Brian
> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java Servlet
> API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Sam
> Rose
> Sent: Friday, April 09, 1999 6:32 AM
> To: [EMAIL PROTECTED]
> Subject: Re: How do I hide the parameters?
>
>
> So what would be the best option to stop people from doing this?
> i.e. is there a better way instead of passing hidden parameters?
>
> -----Original Message-----
> From: Balogh Andras [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 09, 1999 11:15 AM
> To: [EMAIL PROTECTED]
> Subject: Re: How do I hide the parameters?
>
> >I'm sending hidden parameters to and from servlets, but on the URL
> >the parameters are being displayed.
> >
> >I'm sure that this must be some kind of security risk, if so how can I
> >hide them, within the URL?
> >
>
>
> You can use the POST method, but it is still not SECURE.
> Somebody, if interested, can look in the source and
> look at the hidden fields' values.
>
> Best wishes,
> Andras.
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
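The session approach suggested in the reply above, as an added example that is not part of the original thread: the sensitive value stays in the server-side `HttpSession` and the form carries only user-editable input. The class name `OrderServlet`, the `unitPriceCents` key, the `order` action URL and the price are hypothetical, and the code assumes the `javax.servlet` API is on the classpath.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet; names and the constructed price are illustrative only.
public class OrderServlet extends HttpServlet {
    private static final String PRICE_KEY = "unitPriceCents";

    // Step 1: store the value on the server. The page gets no copy of it.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(true);
        session.setAttribute(PRICE_KEY, Integer.valueOf(1999)); // constructed value
        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        // No <input type="hidden" name="price">: nothing for the client to edit.
        out.println("<form method=\"post\" action=\"" + resp.encodeURL("order") + "\">");
        out.println("Quantity: <input name=\"qty\" value=\"1\">");
        out.println("<input type=\"submit\"></form>");
    }

    // Step 2: read the value back from the session, never from the request.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(false); // do not create a fresh one
        Object price = (session == null) ? null : session.getAttribute(PRICE_KEY);
        if (!(price instanceof Integer)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No order in progress");
            return;
        }
        int qty;
        try {
            qty = Integer.parseInt(req.getParameter("qty")); // client input: validate
        } catch (NumberFormatException e) {
            qty = -1; // missing or non-numeric quantity
        }
        if (qty < 1 || qty > 100) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad quantity");
            return;
        }
        long total = (long) qty * ((Integer) price).intValue();
        resp.setContentType("text/plain");
        resp.getWriter().println("Total (cents): " + total);
    }
}
```

A `price` parameter added to the POST by the client is simply ignored here, because `doPost` never reads it; the session id is the only server-issued value that travels to the browser.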