Mike, POST is the way to go but a user can still hack the password in the requesting URL to get in.
You may also want to look at session level cookies vs. URL parameters. This has multiple advantages: harder to hack and allows a user to leave your pages and then return because the browser caches the info and sends it to the web server. A session level cookie is removed when the browser exits. > From: Mike Kelley <[EMAIL PROTECTED]> > Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> > Date: Wed, 28 Nov 2001 22:49:34 -0700 > To: [EMAIL PROTECTED] > Subject: Hinding information from the URL (during the request) > > I have a simple form that sets a page up so a user can query a DB, the > beginning of the page is a form where the user enters their user name and > password .... > > The password is "hidden" as the user types > > BUT > > When they submit the query all connection data (including the password!) is > displayed in the address bar of the browser. > > How do I stop from passing the information in the address bar (or at least > how do I hide it??)?? > > TIA > > Mike > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>