Malloy1446
asked on
Include a password in an href link
I have a chart which displays data. The primary, unique field for the table is ChartID. The first column displays city, state. The city and state link to another page which is an update form. The update form does have a password associated with it. I want the link to open a new form for the specific city,state associated with the ChartID. My SQL statement is:
sql = "SELECT tblGeneral.ChartID, tblGeneral.City, tblGeneral.State, " & _
"tblStaff.LNOStaffDesignat ion, tblStaff.StaffGenNotes, tblStaff.FTE,
"FROM tblGeneral INNER JOIN tblStaff ON tblGeneral.ChartID= tblStaff.ChartID " & _
"WHERE tblStaff.LNOStaffDesignati on = 'In Transition' "
My display code for the link to the update form is:
Response.Write "<TD class='CCTable' width='175px'><a target='_blank'
href='http://vaww.MyWebSite/SiteDetails.asp?step=1&ChartID=" & objRS("ChartID")
Is there code I can use to pass the password to the SiteDetails page so it will open?
sql = "SELECT tblGeneral.ChartID, tblGeneral.City, tblGeneral.State, " & _
"tblStaff.LNOStaffDesignat
"FROM tblGeneral INNER JOIN tblStaff ON tblGeneral.ChartID= tblStaff.ChartID " & _
"WHERE tblStaff.LNOStaffDesignati
My display code for the link to the update form is:
Response.Write "<TD class='CCTable' width='175px'><a target='_blank'
href='http://vaww.MyWebSite/SiteDetails.asp?step=1&ChartID=" & objRS("ChartID")
Is there code I can use to pass the password to the SiteDetails page so it will open?
You can pass the password just like any other field, and it would be just about the stupidest thing imaginable. There is no point in using a password if you are going to expose it. Even worse, you will give a hacker all the infprmation they need to accessyou database and totally trash it.
The proper way to do it is to use a form, a put method and an https protocol. Sending a password as part of a link is insanity.
Cd&
The proper way to do it is to use a form, a put method and an https protocol. Sending a password as part of a link is insanity.
Cd&
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
I recommend putting the password into a cookie or session variable, while still not totally secure, is a lot more secure than having it visibly seen in a url.
If you must put it in the url, I recommend encrypting it, there a lot of asp routines out there that'll do that for you.