|
it
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How to hide the text in url?I am passing the userid and password from one asp page to another,
how can I restrict it from displaying it on the url? Eg. http://mywebsite/employeeinformation.asp?variable=myname I would like it to show just http://mywebsite or at the most http://mywebsite/employeeinformation.asp. Thank you, -Me Me wrote:
> I am passing the userid and password from one asp page to another, Simple. don't pass sensitive information in the URL. Use the Session> how can I restrict it from displaying it on the url? > > Eg. http://mywebsite/employeeinformation.asp?variable=myname > > I would like it to show just > http://mywebsite or at the most > http://mywebsite/employeeinformation.asp. > object to preserve this information - no need to pass it from page to page. -- Microsoft MVP -- ASP/ASP.NET Please reply to the newsgroup. The email account listed in my From header is my spam trap, so I don't check it very often. You will get a quicker response by posting to the newsgroup. Thanks Bob,
-Me Show quoteHide quote "Bob Barrows [MVP]" wrote: > Me wrote: > > I am passing the userid and password from one asp page to another, > > how can I restrict it from displaying it on the url? > > > > Eg. http://mywebsite/employeeinformation.asp?variable=myname > > > > I would like it to show just > > http://mywebsite or at the most > > http://mywebsite/employeeinformation.asp. > > > Simple. don't pass sensitive information in the URL. Use the Session > object to preserve this information - no need to pass it from page to > page. > > > -- > Microsoft MVP -- ASP/ASP.NET > Please reply to the newsgroup. The email account listed in my From > header is my spam trap, so I don't check it very often. You will get a > quicker response by posting to the newsgroup. > > > Stick it in a session var?, a DB?
Show quoteHide quote "Me" <M*@discussions.microsoft.com> wrote in message news:43EB1F21-D42D-4A3C-87B0-CA46EE128BD0@microsoft.com... > I am passing the userid and password from one asp page to another, > how can I restrict it from displaying it on the url? > > Eg. http://mywebsite/employeeinformation.asp?variable=myname > > I would like it to show just > http://mywebsite or at the most http://mywebsite/employeeinformation.asp. > > Thank you, > -Me > Thank you Steve,
-Me Show quoteHide quote "Steven Burn" wrote: > Stick it in a session var?, a DB? > > -- > Regards > > Steven Burn > Ur I.T. Mate Group > www.it-mate.co.uk > > Keeping it FREE! > > "Me" <M*@discussions.microsoft.com> wrote in message > news:43EB1F21-D42D-4A3C-87B0-CA46EE128BD0@microsoft.com... > > I am passing the userid and password from one asp page to another, > > how can I restrict it from displaying it on the url? > > > > Eg. http://mywebsite/employeeinformation.asp?variable=myname > > > > I would like it to show just > > http://mywebsite or at the most http://mywebsite/employeeinformation.asp. > > > > Thank you, > > -Me > > > > > Me wrote:
> I am passing the userid and password from one asp page to If you do not want credentials in the querystring, do not put them there.> another, how can I restrict it from displaying it on the > url? > > Eg. http://mywebsite/employeeinformation.asp?variable=myname That leaves the rest of the request, including headers. None of these is an especially great parking place for credentials unless you are using SSL. The *simplest* solution is probably to use integrated Windows security. Alternately, you could store credentials in session variables. Your question is far to general to merit further comment. -- Dave Anderson Unsolicited commercial email will be read at a cost of $500 per message. Use of this email address implies consent to these terms. Thank you Dave, I realized that I need help in setting up session variables.
-Me Show quoteHide quote "Dave Anderson" wrote: > Me wrote: > > I am passing the userid and password from one asp page to > > another, how can I restrict it from displaying it on the > > url? > > > > Eg. http://mywebsite/employeeinformation.asp?variable=myname > > If you do not want credentials in the querystring, do not put them there. > > That leaves the rest of the request, including headers. None of these is an > especially great parking place for credentials unless you are using SSL. > > The *simplest* solution is probably to use integrated Windows security. > Alternately, you could store credentials in session variables. Your question > is far to general to merit further comment. > > > > > -- > Dave Anderson > > Unsolicited commercial email will be read at a cost of $500 per message. Use > of this email address implies consent to these terms. > > >  
Other interesting topics
Session variables are lost
Flat File Security vs Database VBscript FormatPercent overflow 800a0006 help with emergency, asp program cannot talk to sql server 2000 an Adverts on my message board VBScript Runtime error (with no line number) Server Times Out with ASPSESSIONID Cookie Downloading files from ASP Page Basic Questions about Global.asa from a beginner Server.HTMLEncode with UTF-8 |
|||||||||||||||||||||||
