Link to home
Create AccountLog in
Avatar of Malloy1446
Malloy1446

asked on

Include a password in an href link

I have a chart which displays data. The primary, unique field for the table is ChartID. The first column displays city, state. The city and state link to another page which is an update form. The update form does have a password associated with it. I want the link to open a new form for the specific city,state associated with the ChartID. My SQL statement is:

 sql = "SELECT tblGeneral.ChartID, tblGeneral.City, tblGeneral.State, " & _
       "tblStaff.LNOStaffDesignation, tblStaff.StaffGenNotes, tblStaff.FTE,
      "FROM tblGeneral INNER JOIN tblStaff ON tblGeneral.ChartID= tblStaff.ChartID " & _
      "WHERE tblStaff.LNOStaffDesignation = 'In Transition' "

My display code for the link to the update form is:

      Response.Write "<TD class='CCTable' width='175px'><a target='_blank'
        href='http://vaww.MyWebSite/SiteDetails.asp?step=1&ChartID=" & objRS("ChartID")

Is there code I can use to pass the password to the SiteDetails page so it will open?
Avatar of Big Monty
Big Monty
Flag of United States of America image

it's not a very good idea to put a password directly into a url, anybody will be able to see it.

I recommend putting the password into a cookie or session variable, while still not totally secure, is a lot more secure than having it visibly seen in a url.

If you must put it in the url, I recommend encrypting it, there a lot of asp routines out there that'll do that for you.
You can pass the password just like any other field, and it would be just about the stupidest thing imaginable.  There is no point in using a password if you are going to expose it.  Even worse, you will give a hacker all the infprmation they need to accessyou database and totally trash it.

The proper way to do it is to use a form, a put method and an https protocol.  Sending a password as part of a link is insanity.

Cd&
ASKER CERTIFIED SOLUTION
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer