Hiding Query string.

You can't hide a query string. That's not how it's designed. You can however

- encrypt query strings
- use method=post instead of method=get, so variables are not sent through the query string
- or store variables in the session scope instead

.. But obfuscation isn't a substitute for good app security.

You can't hide a query string. That's not how it's designed. You can however

- encrypt query strings
- use method=post instead of method=get, so variables are not sent through the query string
- or store variables in the session scope instead

.. But obfuscation isn't a substitute for good app security.

Hi arrgh,

You might be right, but I am more concerned about clicking any link and moving to some page with data as url variable. Its a good idea to make use of post method type in place of get. But that is not a solution which I am looking for. Any way thanks for your trial. I am still waiting for some more suggestions, if somebody think that this is possible in any way, either by server side coding or by Javascript coding. Any suggestion is most welcome.

Thanks

Dipak

Even with a link, you can't hide url variables. They're visible by design and you can't change that. The best you can do is encode them or hash them into a "tiny url". But you're still passing the values. But like I said, obfuscation is a poor substitute for real security. If there's information people shouldn't see, it should be protected by a login and validated on each page.

Even with a link, you can't hide url variables. They're visible by design and you can't change that. The best you can do is encode them or hash them into a "tiny url". But you're still passing the values. But like I said, obfuscation is a poor substitute for real security. If there's information people shouldn't see, it should be protected by a login and validated on each page.

Hi arrgh,

I guess you are right. Thanks for all your interest in the post. But if any body come with any idea then he/she is most welcome. So let the post remain as unsolved.

Thanks

Dipak

Ok. You might want to read up on the http specs, so you'll understand why it's not possible. Best of luck.

Ok. You might want to read up on the http specs, so you'll understand why it's not possible. Best of luck.

Finally I got to know how we can hide url variables while traveling from page to page clicking on links. If we are making use of frames in our web page, then it is not going to display the url variable in the address bar. It will only show the page url containing the frame set.
Ex.

<frameset rows="33,*" frameborder="NO" border="0" framespacing="0">
	<frame src="/test/basics/common/mainMenu.cfm" name="adminNav" frameborder="yes" style="border: 1px solid blue; margin: 2px;" scrolling="NO" noresize >
	<frame src="#cookie.thisPageLink#" name="mainFrame" frameborder="no" scrolling="auto">
</frameset>

Note. cookie.thisPageLink contains the default page for the frame.

Hope fully this will work for web developers.

You're not hiding the url variables. They'll still be just as visible in the browser history and as easy to tamper with.

Ugh... frames.
http://stackoverflow.com/questions/1203068/why-should-i-not-use-html-frames

dipakatcvrca, as arrgh said frames aren't the right solution. Its like making your site more vulnerable and going back in time. "Hope fully this will work for web developers" this ain't true.