Re: Displaying Image in Browser but not in source

From: Martin Geisler (gimpster_at_gimpster.com)
Date: 05/27/04


Date: Thu, 27 May 2004 15:48:52 +0200


"Angus SC2" <a@b.com> writes:

> Basically any way of calling sale.php and passing it
> TotalCost and OrderID would be fine, as long as the user cannot see
> the code.

If the browser can see the source, so can the user; it is as simple as
that. See this thread over at the alt.php newsgroup:

  http://groups.google.dk/groups?th=ba74eb3f601b9932

and see this website for the conclusion:

  http://www.vortex-webdesign.com/help/hidesource.htm

Since you want to hide the code, you could instead store it on the
server in a session for the user, and then have sale.php extract the
value from $_SESSION instead of $_GET. That way the code will never
be visible to the user.

-- 
Martin Geisler                                  My GnuPG Key: 0xF7F6B57B
PHP EXIF Library      |  PhpWeather              |  PhpShell
http://pel.sf.net/    |  http://phpweather.net/  |  http://gimpster.com/
Read/write EXIF data  |  Show current weather    |  A shell in a browser
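
The session approach suggested in the message above, as an added example that is not part of the original post. The helper names `remember_order()` and `load_order()` are hypothetical; `sale.php`, `TotalCost` and `OrderID` come from the question.

```php
<?php
declare(strict_types=1);
// Added example (not from the original post); helper names are hypothetical.

// Called by the page that computes the order, before the user reaches sale.php.
function remember_order(int $orderId, string $totalCost): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Only the session ID cookie is sent to the browser;
    // these values are stored on the server.
    $_SESSION['OrderID']   = $orderId;
    $_SESSION['TotalCost'] = $totalCost;
}

// Called at the top of sale.php instead of reading $_GET.
function load_order(): ?array
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['OrderID'], $_SESSION['TotalCost'])) {
        return null; // no order was stored for this session
    }
    return [
        'OrderID'   => (int) $_SESSION['OrderID'],
        'TotalCost' => (string) $_SESSION['TotalCost'],
    ];
}

// --- body of sale.php ---
$order = load_order();
if ($order === null) {
    http_response_code(400);
    exit('No order in progress.');
}

// Any TotalCost or OrderID in the query string is ignored:
// the values used here never left the server.
printf(
    'Processing order %d for %s',
    $order['OrderID'],
    htmlspecialchars($order['TotalCost'], ENT_QUOTES, 'UTF-8')
);
```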

