How about keeping all the parameters in a Session object, which resides on the server side.
- tunde
-----Original Message-----
From: Sam Rose [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 09, 1999 5:32 AM
To: [EMAIL PROTECTED]
Subject: Re: How do I hide the parameters?
So what would be the best option to stop people from doing this?
i.e. is there a better way instead of passing hidden parameters?
-----Original Message-----
From: Balogh Andras [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 09, 1999 11:15 AM
To: [EMAIL PROTECTED]
Subject: Re: How do I hide the parameters?
>I'm sending hidden parameters to and from servlet's, but on the URL
>the parameters are being displayed.
>
>I'm sure that this must be some kind of security risk, if so how can I
>hide them, within the URL?
>
You can use the POST method but it is still not SECURE .
Somebody if it's interested can look in the source and
look at the hidden fields values.
Best wishes,
Andras.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
