[WEB4LIB] Re: blanking URL from browser address line

Dan Lester dan at 84.com
Sat Feb 13 13:39:46 EST 1999


At 03:42 AM 2/13/99 -0800, you wrote:
>Could it be as simple as changing the corresponding form method
>from Get to Post?  I haven't seen the URL to the page alluded
>to here, but that's likely one option.  At the server side
>there'd need to be some adjustment in the Perl code if it's not
>Get/Post ready.  The encoded URI (Uniform Resource Identifier)
>wouldn't appear with POST, only the ACTION URL (e.g. /test.cgi).
>Hope this could help.

I'd wondered about that...using POST.  The vendor in immediate question is
UMI, for ProQuest Direct, but there are others too.  If you're willing,
I'll give you info so you can check it out yourself with a real login, etc.   

Same goes for anyone else who can give it a shot.  Of course whether anyone
can get a big vendor to change anything is another question, but it is in
their interest to have good security.  Ebsco and Infotrak/Gale and
Silverplatter are ones that will also need similar setups soon.

thanks

dan


thanks

dan



>
>Robert
>
>rjtiess at warwick.net
>http://members.tripod.com/~rtiess
>
>Dan Lester wrote:
>> 
>> Hi.  I can swear that I've seen information on this before, but some pretty
>> extensive searching hasn't turned it up.
>> 
>> We're using a perl script for user authentication to reach remote
>> databases.  The user fills in an ID and PIN, they're authenticated against
>> a user database, and then redirected to a licensed site that requires a
>> login and password.  What we'd like to do is have the URL not appear in the
>> browser address window, as it is possible for a semi-knowledgable user to
>> read the login and password from the total URL.  Naturally, this somewhat
>> compromises security.
>> 
>> As noted, I'm either crazy, or have seen before, a method of doing this
>> with O'Reilly Website 2.3.x, and perhaps with other servers as well.  It
>> seems it is an easy trick, but I'm drawing a blank.
>> 
>> Any assistance or suggestions appreciated.
>> 
>> thanks
>> 
>> dan
>> 
>> --
>> Dan Lester, 3577 East Pecan, Boise, ID 83716-7115 USA 208-383-0165
>> dan at 84.com   http://www.84.com/  http://www.idaholibraries.org/
>> http://library.boisestate.edu/   http://cyclops.boisestate.edu/
>> http://www.lili.org/  http://www.postcard.org/ Sent me a postcard of a
>> library yet?

--
Dan Lester, 3577 East Pecan, Boise, ID 83716-7115 USA 208-383-0165
dan at 84.com   http://www.84.com/  http://www.idaholibraries.org/
http://library.boisestate.edu/   http://cyclops.boisestate.edu/ 
http://www.lili.org/  http://www.postcard.org/ Sent me a postcard of a
library yet? 



More information about the Web4lib mailing list