Well, think about it: there is no way to really hide what variables the browser is sending to the server. What happens on client-side space is wide open. How do you prevent users from seeing variables that are set in forms, etc...?
Now, if you are talking about hiding "accumulated" variables that go with the user from page to page, then you shouldn't be sending them through the browser anyway. Read about sessions (
This allows you to keep the variables on the server side, and simply send a unique identifier, which can be set in a cookie, or on the URL, which might look like
Additionally, if you are concerned about security at all, you should use SSL for everything, which will minimize the chance of people hijacking session keys.
Another step you can take is to make sure that all variable names inside your PHP code are different from form element names. Run every form through a small script which validates it and uses different names for the rest of your PHP code. (Setting register_globals = Off in php.ini is very helpful, also). This will minimize the possibility of hackers guessing your internal structure and naming conventions. -------------------------------------------
Big Brother: "War is Peace" -- Big Business: "Suspicion is Trust"
(
