Niko, et al -- ...and then Niko Gunadi said... % % On Mon, Jun 24, 2002 at 02:35:06PM -0700, Ovid wrote: % >Niko, % > % >If you pass the variables to the page, the user can find them, period. If you control the output ... % % From what i know (which is limited :), if we pass the variable in POST % method, the user can't find out what we have passed, can they ?
Yes s/he can. If the variables are in the page to be in the form to be sent back via POST, then the user can find them, period. Try it yourself: set up something via POST and then surf to the page and then "view source" or the equivalent in your browser (and if there isn't an equivalent then find a browser, even if just for a moment, that DOES have it) and look and see your data hanging right out there for all to see. HTH & HAND :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
msg05533/pgp00000.pgp
Description: PGP signature
