Frame src parameters

Hello,
As you know, "Frame" tag has an "src" attribute which can hold a web
address, sometimes with parameters.

For the same security reasoning for choosing POST over GET method, is
there a way to hide those parameters from the user? So he may not see
them on the statusbar or the address bar?

Thanks, dushkin.

jaja wrote:

Quote:

Hello,
As you know, "Frame" tag has an "src" attribute which can hold a web
address, sometimes with parameters.

For the same security reasoning for choosing POST over GET method, is
there a way to hide those parameters from the user? So he may not see
them on the statusbar or the address bar?

As in any other case, only when you are posting the results of a form

submission to the frame.

Hi jaja

On May 20, 12:26 pm, jaja <dush... (AT) 012 (DOT) net.il> wrote:

Quote:

For the same security reasoning for choosing POST over GET method, is
there a way to hide those parameters from the user? So he may not see
them on the statusbar or the address bar?

Harlan has already given a perfect answer to your actual question, but
your question betrays a misunderstanding which I will try to correct.

There are no significant differences of security between POST and
GET. You can never hide the values of form fields (which you are
calling "parameters") from the user agent (browser software) or the
user. Any user can just use the "Page Info" or similar feature to
view the values at any time.

Additionally, any method which protects the data from a third party
(eg: nosy proxy administrator) will either work the same for both POST
and GET, or not work for both.

The reason that you should use POST instead of GET is because making a
request more than once has side-effects (eg: writes to a database).
If making a request more than once has no side-effects (or the same
side-effects as making it once) then you should use GET.

The only other reason that you should choose POST over GET is if your
data set is large (more than a few of hundred bytes) or uses an
unusual character set.

HTH
viza

jaja <dushkin (AT) 012 (DOT) net.il> wrote in news:e2f9531d-38b5-4095-b641-
80d4f33280a5 (AT) 25g2000hsx (DOT) googlegroups.com:

Quote:

Hello,
As you know, "Frame" tag has an "src" attribute which can hold a web
address, sometimes with parameters.

For the same security reasoning for choosing POST over GET method, is
there a way to hide those parameters from the user? So he may not see
them on the statusbar or the address bar?

Do you want hide a querry string?

src="http://example.com/fly.php?a=apple&b=banana&data=fruit"

If that is what you would like, look into .htaccess and using a
RewriteRule.

rewrite

http://example.com/p1

to

http://example.com/fly.php?a=apple&b=banana&data=fruit

RewriteEngine On
RewriteRule ^p1$ fly.php?a=apple&b=banana&data=fruit

--
BootNic Tuesday May 20, 2008 12:53 PM
"If you want to test your memory, try to recall what you were
worrying about one year ago today."
*Rotarian*