Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hiding destination URL

Status
Not open for further replies.
roycrom

roycrom

Programmer
Joined
Aug 2, 2002
Messages
184
Location
GB
Hi I'm using php, mysql and apache,

I'm not sure if what I'm asking can be done but here goes,

When you hover over a link, the destination url is displayed at the bottom of the browser.

I want to prevent this display as it contains my php variable names so peaople could then just type them into the adress bar.

Anyone help me? PLEASE!

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom :)
 
Sort by date Sort by votes
yep but when people press the link then the whole url is visible in the address bar anyway ?? and why should people type it in the address bar when they can also press on the url ??
 
Upvote 0 Downvote
Sorry,

I had already thought of that one and as I'm using frames (I think thats the reason its doing it :-) ) Then the address doesn't change in the address bar so they can't see my variable names that way.

The reason I don't want the links with the variable names appearing at the bottom is so they can't type their own values in instead of a specific one through the forms or interface that I created. I'm just trying to be as secure as possible.

I noticed you said there is a way, could you let me know or point me in the right direction, thanks :-)

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom :)
 
Upvote 0 Downvote
perhaps you can also dynamically generate the urls from selections made in a form. in that case you don't have to pass the variabels with the get method.

 
Upvote 0 Downvote
I'm not entirely sure what you mean by dynamically generated URL's. Could you explain that.

I'll try to explain the purpose of my pages:

The pages are a viewing tool and administering tool wrapped into one. The site is a secure one so unfortunately you wont be able to access it so its pretty difficult for me to explain without you seeing it but basically the user gets to change the attributes of an item in the database by clicking on parts of the page. These are predefined items but there is also one or two options where the changes have to be typed in. I have some validation checking in there but I just worry about sumething "untoward" being slipped in by a malicious person, I also just realised that if someone is genned up enough to be typing variables and values in the address bar then they're pretty likely to be know the can just right click a link for the properties even if the destination URL is hidden at the bottom of the browser so looks as tho there is no easy solution, except maybe dynamically generated URLS.

What where those again???

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom :)
 
Upvote 0 Downvote
On the issue of security: give up. Whatever you have in your HTML can be seen by the client (in your HTML source) so there is no way to hide those variables.

You might investigate javascript tricks to change what is displayed in the status bar at the bottom of the browser window.

- - picklefish - -
Why is everyone in this forum responding to me as picklefish?
 
Upvote 0 Downvote
I have an example with my whiskysearchdatabase

on (option database) from there you can enter information and submit. after that you get the url with the results without passing variables to the url.

further on you can also use md5 keys to make it impossible for someone to guess another key

I have used for instance on my forum where users can change there info. when just the userid is passed just about everyone can change the userid in the url and change someone else his info. if you encrypt certain values of the user and use that encrypted key to pass in the url then it's hard for someone to guess another key (since they are 30 bytes large)
 
Upvote 0 Downvote
Thanks for your replies hos2, and you too jimoblak.

I do have some forms that just get passed back to itself so there is no visible URL.

On the links showing the URL, I guess I can live with this.

I've got apache set up to only allow certain IP's to this and the IP's they're coming from should be trusted users so its not too big a problem. Just thought it would be nice :-)

Thanks again, it is appreciated.

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PeDa
  • Locked
  • Question Question
Include URL with parameter in table generated by php
Replies
3
Views
817
PeDa
PeDa
sunbase
  • Locked
  • Question Question
copy an image file from a PHP url
Replies
5
Views
546
sunbase
sunbase
sunbase
  • Locked
  • Question Question
writing to a table before calling a URL
Replies
16
Views
3K
ChrisHirst
ChrisHirst
cleartango
  • Locked
  • Question Question
How do I change URL links in a login | register button?
Replies
2
Views
365
cleartango
cleartango
johngiggs
  • Locked
  • Question Question
Help with setting destination of uploaded file dynamically
Replies
3
Views
283
johngiggs
johngiggs

Part and Inventory Search

Sponsor

Back
Top