April 27, 2007
Answered

How can I mask a URL parameter

  • April 27, 2007
  • 2 replies
  • 437 views
I have an instant messaging app and I need to mask the URL parameters that uniquely identify the message (autonumber in Access DB) so that a user can't change the parameter number in the browser, click refresh and delete a different message #.
How can I mask the msdID=<number> from showing in the browser to prevent a user from deleting or saving someone else's messages? I know it can be done.
To see the example, go to: http://gohbcc.com/CallCenter/EMPLOYEEMessagesVIEW.asp and enter USERNAME: admin PASSWORD: 1234
Any option would be great.
MikeL7

2 replies

April 27, 2007
> How can I mask the msdID=<number> from showing in the browser to prevent a
> user from deleting or saving someone else's messages?

This would be security through obscurity which is a bad idea.

Don't worry about masking the message. Instead, check the permissions of the
message on the server before returning it to the browser.

If you can't/don't want to do that, at the very least you could use server
sessions to pass the info rather than querystrings.

-Darrel
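
The server-side check described in the reply above, as an added example that is not part of the original thread: the owner is taken from the server-side session and is part of the DELETE's WHERE clause, so the result is the same whether the id arrives in a querystring or a POST body. Python with sqlite3 stands in for the ASP page and Access database; the table, column names and sample rows are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data; `messages`, `id` and `owner` are hypothetical names."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, body TEXT)")
    db.executemany(
        "INSERT INTO messages (id, owner, body) VALUES (?, ?, ?)",
        [(1, "alice", "Call back Mr. Smith"), (2, "bob", "Shift swap approved")],
    )
    return db


def parse_id(raw):
    """Accept only a short run of ASCII digits; everything else is rejected."""
    if isinstance(raw, str) and re.fullmatch(r"[0-9]{1,9}", raw):
        return int(raw)
    return None


def delete_message(db, session_user, raw_id):
    """Return an HTTP-style status code.

    session_user is read from the server-side session set at login, never from
    the request. raw_id is the msdID value exactly as the browser sent it.
    """
    if session_user is None:
        return 401  # not logged in
    msg_id = parse_id(raw_id)
    if msg_id is None:
        return 400  # malformed id
    # Ownership is enforced inside the statement itself, with bound parameters,
    # so there is no gap between "check the owner" and "delete the row".
    cur = db.execute(
        "DELETE FROM messages WHERE id = ? AND owner = ?", (msg_id, session_user)
    )
    db.commit()
    if cur.rowcount == 1:
        return 204  # deleted
    # Same answer for "not yours" and "no such message", so the response
    # does not reveal which ids exist.
    return 404


if __name__ == "__main__":
    db = make_db()
    print(delete_message(db, "bob", "1"))    # bob asks for alice's message
    print(delete_message(db, "alice", "1"))  # alice deletes her own message
```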


April 27, 2007
Use the post method instead of get.
MikeL7 (Author, correct answer)
April 28, 2007
Your message helped. I put the code to create the variable just before the repeating region table and then made form buttons that post the variable and labeled the buttons, and it works perfectly. THANKS