i want to pass parameter to another page through iframe example
<iframe src="http://otherserver.com/page?user=user_id"/>
rather than passsing user= id this way, is there any technique so that user will not aware of user=user_id ?
views:
114answers:
1
+1
A:
What you could probably do is to load a dummy page to that iframe and then load the correct page using JavaScript. You could use POST request to hide the parameters from the URL. However if a user wants to find what exactly you are posting he can always see that from your JS, although it won't be as obvious as checking iFrame's src attribute.
RaYell
2009-08-11 07:38:12
This doesn't sound like a good idea
rahul
2009-08-11 07:40:36
For me, obfuscating the id doesn't sound like a good idea. The best option is to have server side security mechanism and leave ids as they are.
RaYell
2009-08-11 07:45:10
Its not obfuscating the id value. Its about user-parameter name
rahul
2009-08-11 07:46:02
But what's the point of that. The only effect it will have is that you will have to use the different parameter name in your server side script which will probably make it harder to read. No offence man, I'm not saying my solution is good and yours i bad. My opinion is that it's better to ignore this problem client side and spend some time improving server side scripts that will make visible user id not a problem at all. Plus if you are referring to a different server which is not yours then there is little you can do, you cannot change the param name because server won't recognize it.
RaYell
2009-08-11 08:10:30