Wrox Programmer Forums
| Search | Today's Posts | Mark Forums Read
Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old October 23rd, 2006, 12:32 PM
Registered User
 
Join Date: Apr 2006
Location: , , .
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Pass hidden value from one domain to another

I currently pass a value from an ASP form (form1) on domain 1 to an ASP form (form2) on domain 2 using POST method and a hidden field on the form. If the user selects View, Source they can see the value in the hidden field. Is there a way to pass the value without the user being able to see it on screen, in the querystring or in source? I cannot encrypt/decrypt the value as I do not have control of the value on domain 1.

 
Old October 23rd, 2006, 12:39 PM
Wrox Author
Points: 13,255, Level: 49
Points: 13,255, Level: 49 Points: 13,255, Level: 49 Points: 13,255, Level: 49
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2005
Location: Ohio, USA
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts
Send a message via AIM to dparsons
Default

Hmmm interesting. I know in .NET if i use an HTML Hidden control, run it as a server control and set its visiblity to false, it is not displayed in code but I am still able to access the value.

You may be able to achieve this with javascript, though you make the assumption that all of your users are going to have javascript enabled.

-------------------------
I will only tell you how to do it, not do it for you.
Unless, of course, you want to hire me to do work for you.

^^Thats my signature
 
Old October 24th, 2006, 11:56 AM
Friend of Wrox
 
Join Date: May 2006
Location: San Diego, CA, USA.
Posts: 643
Thanks: 0
Thanked 0 Times in 0 Posts
Default

How do you mean that you do not have control of the value in domain 1? Do you mean that you do not have access to the code in the first ASP page? If you aren't in control of what is contained in the first then, like you say, you can't encrypt the value. What alterative is there? Javascript can't modify the original soucre - I can't see how that would work even if the browser has javascript enabled. You could invent other schemes for doing this - for example, if both domains have access to the same database you could store this state information in a database and retrieve it as needed based on some other data in the request.

Why do you want to prohibit the users from seeing this value? If the people in charge of domain 1 are not trying to prevent users from seeing this value, why do you have to deal with it?

Woody Z http://www.learntoprogramnow.com
 
Old October 24th, 2006, 12:43 PM
Wrox Author
Points: 13,255, Level: 49
Points: 13,255, Level: 49 Points: 13,255, Level: 49 Points: 13,255, Level: 49
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2005
Location: Ohio, USA
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts
Send a message via AIM to dparsons
Default

He never said he didn't have access to the source, he just said that he didnt have access to the value which can be for a myraid of reasons, e.g. it's a third party component that pulls the value into the hidden field that he must pass along to the second domain. As far as javascript goes you can do:

document.location.href='page.asp?id=' + value;

As long as this was wired to a button click that would redirect the user to get the value of a form field in javascript is rudimentary.

However, anytime you cross application domains there are always caveats that come up.

-------------------------
I will only tell you how to do it, not do it for you.
Unless, of course, you want to hire me to do work for you.

^^Thats my signature
 
Old October 30th, 2006, 02:31 PM
Friend of Wrox
 
Join Date: May 2006
Location: San Diego, CA, USA.
Posts: 643
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
quote:Originally posted by dparsons
 He never said he didn't have access to the source, he just said that he didnt have access to the value which can be for a myraid of reasons, e.g. it's a third party component that pulls the value into the hidden field that he must pass along to the second domain. As far as javascript goes you can do:

document.location.href='page.asp?id=' + value;
Perhaps. But using the value as a querystring parameter is exacly what he states he does not want to do.
The point is, if access to the source is available, then why not encrypt the value. There must be some explaination as to why "access to the value" is not available. Regardless of where the value comes from (for example - a "thirg party compontent") if it is being used in code to create the HTML response, it is therefore available to be encrypted. And thus, my question remains: What is meant by "do not have control of the value in domain 1"???



Woody Z http://www.learntoprogramnow.com
 
Old October 30th, 2006, 02:42 PM
Wrox Author
Points: 13,255, Level: 49
Points: 13,255, Level: 49 Points: 13,255, Level: 49 Points: 13,255, Level: 49
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2005
Location: Ohio, USA
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts
Send a message via AIM to dparsons
Default

True but, if for some reason, the business rules state the value can not be encrypted the developer is bound to those rules. I take the question at face value.

-------------------------
I will only tell you how to do it, not do it for you.
Unless, of course, you want to hire me to do work for you.

^^Thats my signature
 
Old October 31st, 2006, 12:29 PM
Friend of Wrox
 
Join Date: May 2006
Location: San Diego, CA, USA.
Posts: 643
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
quote:Originally posted by dparsons
 True but, if for some reason, the business rules state the value can not be encrypted the developer is bound to those rules. I take the question at face value.
 Right. I don't take anything at face value - I am questioning the real need so we can come to a solution. The requirement relaytest49 is describing seems to have a contradiction. Your solution does not meet the need that is described, which is to "pass the value without the user being able to see it on screen, in the qeurystring or in source." Your solution places it in the querystring.

However, since relaytest49 doesn't seem to be interested in clarifying his/her post, there isn't much use in us discussing it.
Woody Z http://www.learntoprogramnow.com




Similar Threads
Thread Thread Starter Forum Replies Last Post
Same pages for sub domain from main domain vivek_inos ASP.NET 1.0 and 1.1 Professional 1 February 13th, 2007 10:15 AM
pass value to the hidden field Dejitan ASP.NET 1.0 and 1.1 Basics 4 December 21st, 2006 03:13 AM
pass hidden values X-Ken VS.NET 2002/2003 2 September 8th, 2004 07:38 AM
http://domain or http://www.domain anshul HTML Code Clinic 9 August 11th, 2004 01:09 AM
Pass select values to hidden text field? abq23 Javascript How-To 2 July 20th, 2004 09:47 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.