Thread: What is SSL?

    #1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2000
    Location
    Singapore
    Posts
    21
    Rep Power
    0
    If I want people to use my Web Server and CGI passing in parameters which I don't want people to view?

    E.g. http://myweb/cgi-bin/mycgi.cgi?pw=123456&user=me

    With SSL helps? And if so, how does SSL do it?
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>I don't want people to view?

    In which way? Look over shoulder? If so, use POST method instead of GET method.
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Location
    Pheonix, AZ
    Posts
    3
    Rep Power
    0

    url encoding alternatives



    URL encoding is nice for both users (because they can bookmark it, email it to friends, switch between browsers, and so forth) and for servers (because it's not tied ot a particluarl server if you're load balancing), but it does make a big ugly URL. In particular although Netscape and others allow around 8k of data in the url, Internet Explore limits you to 800 bytes, I believe.

    Anyways, cookies and sessions are both good ways to do what you want. You can stuff as many vars as you want into the session and then keep track of what session they have either via a cookie stored on their system or via an ID in the URL, which is a little easier on the eyes and shorter. However, they gives you some more instability (if webserver restarts, they are forced back to logon page, for example) and peopel don't like cookies anyways.
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2001
    Location
    Arizona
    Posts
    1
    Rep Power
    0

    Use METHOD="post"


    sherman's info is good but the simplest answer (if I understand your question) is simply to use <FORM METHOD="post" .....> rather than <FORM METHOD="get" ....>. This will keep the variables hidden. SSL is a whole other topic if you wanted the actual data to be encrypted but it sounds like you just don't want the variables viewable in the URL window. The urlencode simply takes care of spaces and junk in the get string. I don't think URL encoding will "hide" the values.

    If your data is not originating in a form but from a hypertext link then my suggestion won't work (but then again you shouldn't be sending passwords in a text link anyway...)

    Hope this helps.

IMN logo majestic logo threadwatch logo seochat tools logo