Solved

Sending hidden data without using a post?

Posted on 2004-10-28
241 Views
Last Modified: 2010-04-09
I have a client application that I am working on that needs to send information to a webpage located on a webserver.  I do not want this information to be viewable by the user (I.e. using a GET statement).  I thought I could use the POST option but it seem that I cannot use POST unless using a form, something I do not want to deal with.  Is there another way to acheive this?  Thanks.
0
Question by:will1383
    16 Comments
     
    LVL 6

    Expert Comment

    by:pkaleda
    The only way to do it is with a Post from a form.  All other information has to be transfered in a query string using the Get method.
    0
     
    LVL 53

    Expert Comment

    by:COBOLdinosaur
    You could use XMLHTTP, but that has security issues as it uses activex. It would, of course, also require user consent, and I have never considered it particularly reliable.

    Cd&
    0
     

    Author Comment

    by:will1383
    XMLHTTP?  What is that and why does it use activex?
    0
     

    Author Comment

    by:will1383
    Also I read something somewhere about hidden variables, is this a possible solution?
    0
     
    LVL 10

    Expert Comment

    by:Havin_it
    You could try 'obfuscating' the GET string (by e.g. urlencoding it) so it's less obvious what it is; choose a bogus parameter name, so it's something like '...&myCake=myValue'; or throw in a couple of redundant parameters at the start of the GET string that will 'push' your sensitive parameter far to the right. That way it won't be within the visible portion of the URL in the user's address-bar.

    Example:

    http://www.domain.dom/receiving-page.htm?redundantVar1=000000233455000234550000000&redundantVar2=4756853424533224222225&myHiddenVar=myValue

    (Apologies for the long line...!)
    0
     
    LVL 10

    Expert Comment

    by:Havin_it
    Whoa... you guys been busy while I was typing. Hidden variables can be used in any form, but they are visible in the source
    code, and a GET form will send them in the URL string.

    The only way to pass a variable between pages without the user seeing it is using sessions or cookies.

    Cookies can be set using javascript, but again this will show up in the source code.
    If you set cookies using server-side programming, the user can still find and read the cookie on their computer.

    Sessions require server-side programming on the sending and receiving pages. If you have any such capability,
    let us know what flavour.
    0
     

    Author Comment

    by:will1383
    We haven't decided what flavor of server-side programming we are going to use, and at the moment I have a development machine that has ASP, php (I know if we go this route the web machine will be linux for performance reasons), and .NET.  I've been playing around with both PHP and ASP quite a bit but I don't have VS.NET yet.
    0
     
    LVL 10

    Expert Comment

    by:Havin_it
    I wouldn't write off PHP for Win32 servers. Used as an ISAPI module it is pretty speedy, and I haven't yet managed to
    b0rk the server by using it in wacky ways.
    0
     
    LVL 9

    Expert Comment

    by:ftaco96
    So you have a client application - as in a windows client - and you're trying to send info to a web page?
    0
     

    Author Comment

    by:will1383
    Correct.
    0
     
    LVL 9

    Expert Comment

    by:ftaco96
    Are you using some sort of web control like the WebBrowser ActiveX control in VB? If so, you don't have to show the address you're making the control go to. You don't even have to show the control. Do you even need to show the web page that you're going to?
    0
     

    Author Comment

    by:will1383
    At the moment I am not using an ActiveX control.  I am looking for methods that do not include the use of an activeX control and the one method I can come up with is using a method of making a request to a web page including the information I wish to send back to the application server.
    0
     
    LVL 9

    Expert Comment

    by:ftaco96
    So what is the method you are currently using to send the request to the web server?
    0
     
    LVL 9

    Expert Comment

    by:ftaco96
    And what is the client software coded in?
    0
     
    LVL 6

    Accepted Solution

    by:
    I know you said you don't want to use a form, but are you sure you aren't averse to using a hidden one?
    Below is a very convienent method.  When you've called dataPass as many times as needed, just put (in <SCRIPT> tags).  

    var dform=document.getElementById("dataform");
    dform.submit();

    function dataPass(newparam,storval)
    {
        var dform=document.getElementById("dataform");
        dform.appendChild(document.createElement("INPUT"));
        var inputs=dform.children;
        var last=inputs[length-1];
        last.style="visibility:none"
        last.value=storval;
    }

    <FORM id="dataform" method="post" action="/" style="visibility:none">
    </FORM>

    I hope this works for you.
    0
     
    LVL 6

    Expert Comment

    by:superm401
    Sorry, use this:

    var dform=document.getElementById("dataform");
    dform.submit();

    function dataPass(newparam,storval)
    {
        var dform=document.getElementById("dataform");
        dform.appendChild(document.createElement("INPUT"));
        var inputs=dform.children;
        var last=inputs[length-1];
        last.style="visibility:none"
        last.value=storval;
        last.name=newparam;
    }

    <FORM id="dataform" method="post" action="/" style="visibility:none">
    </FORM>
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Introduction This warning has to be one of the most commonly issued warnings in the history of PHP.  The article explains why this warning arises and what to do to mitigate the problem. How this Happens HTTP headers include many different kinds…
    A colleague recently asked me about how to give his client a small part of the web site that could be completely under the client's control.  Since I have done this sort of thing before to add emergency banners to a web site, I decided I would creat…
    The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
    The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

    875 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now