[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270
  • Last Modified:

Sending hidden data without using a post?

I have a client application that I am working on that needs to send information to a webpage located on a webserver.  I do not want this information to be viewable by the user (I.e. using a GET statement).  I thought I could use the POST option but it seem that I cannot use POST unless using a form, something I do not want to deal with.  Is there another way to acheive this?  Thanks.
0
will1383
Asked:
will1383
  • 5
  • 4
  • 3
  • +3
1 Solution
 
pkaledaCommented:
The only way to do it is with a Post from a form.  All other information has to be transfered in a query string using the Get method.
0
 
COBOLdinosaurCommented:
You could use XMLHTTP, but that has security issues as it uses activex. It would, of course, also require user consent, and I have never considered it particularly reliable.

Cd&
0
 
will1383Author Commented:
XMLHTTP?  What is that and why does it use activex?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
will1383Author Commented:
Also I read something somewhere about hidden variables, is this a possible solution?
0
 
Havin_itCommented:
You could try 'obfuscating' the GET string (by e.g. urlencoding it) so it's less obvious what it is; choose a bogus parameter name, so it's something like '...&myCake=myValue'; or throw in a couple of redundant parameters at the start of the GET string that will 'push' your sensitive parameter far to the right. That way it won't be within the visible portion of the URL in the user's address-bar.

Example:

http://www.domain.dom/receiving-page.htm?redundantVar1=000000233455000234550000000&redundantVar2=4756853424533224222225&myHiddenVar=myValue

(Apologies for the long line...!)
0
 
Havin_itCommented:
Whoa... you guys been busy while I was typing. Hidden variables can be used in any form, but they are visible in the source
code, and a GET form will send them in the URL string.

The only way to pass a variable between pages without the user seeing it is using sessions or cookies.

Cookies can be set using javascript, but again this will show up in the source code.
If you set cookies using server-side programming, the user can still find and read the cookie on their computer.

Sessions require server-side programming on the sending and receiving pages. If you have any such capability,
let us know what flavour.
0
 
will1383Author Commented:
We haven't decided what flavor of server-side programming we are going to use, and at the moment I have a development machine that has ASP, php (I know if we go this route the web machine will be linux for performance reasons), and .NET.  I've been playing around with both PHP and ASP quite a bit but I don't have VS.NET yet.
0
 
Havin_itCommented:
I wouldn't write off PHP for Win32 servers. Used as an ISAPI module it is pretty speedy, and I haven't yet managed to
b0rk the server by using it in wacky ways.
0
 
ftaco96Commented:
So you have a client application - as in a windows client - and you're trying to send info to a web page?
0
 
will1383Author Commented:
Correct.
0
 
ftaco96Commented:
Are you using some sort of web control like the WebBrowser ActiveX control in VB? If so, you don't have to show the address you're making the control go to. You don't even have to show the control. Do you even need to show the web page that you're going to?
0
 
will1383Author Commented:
At the moment I am not using an ActiveX control.  I am looking for methods that do not include the use of an activeX control and the one method I can come up with is using a method of making a request to a web page including the information I wish to send back to the application server.
0
 
ftaco96Commented:
So what is the method you are currently using to send the request to the web server?
0
 
ftaco96Commented:
And what is the client software coded in?
0
 
superm401Commented:
I know you said you don't want to use a form, but are you sure you aren't averse to using a hidden one?
Below is a very convienent method.  When you've called dataPass as many times as needed, just put (in <SCRIPT> tags).  

var dform=document.getElementById("dataform");
dform.submit();

function dataPass(newparam,storval)
{
    var dform=document.getElementById("dataform");
    dform.appendChild(document.createElement("INPUT"));
    var inputs=dform.children;
    var last=inputs[length-1];
    last.style="visibility:none"
    last.value=storval;
}

<FORM id="dataform" method="post" action="/" style="visibility:none">
</FORM>

I hope this works for you.
0
 
superm401Commented:
Sorry, use this:

var dform=document.getElementById("dataform");
dform.submit();

function dataPass(newparam,storval)
{
    var dform=document.getElementById("dataform");
    dform.appendChild(document.createElement("INPUT"));
    var inputs=dform.children;
    var last=inputs[length-1];
    last.style="visibility:none"
    last.value=storval;
    last.name=newparam;
}

<FORM id="dataform" method="post" action="/" style="visibility:none">
</FORM>
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 5
  • 4
  • 3
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now