Pass Key to INET routine (O4W)
At 19 JUL 2011 11:37:23AM Bill North wrote:
I need to pass a key to an INET routine that displays a form but I do not want the key to appear in the URL command that calls the INET procedure. Any ideas?
Regards
Bill North
Ardbrook Ltd
At 19 JUL 2011 11:53AM bshumsky wrote:
Hi, Bill.
When you say you want to "pass" the key, do you mean from (for example) an O4W routine to an INET routine running in the same domain? Or are they on different systems?
If they're on the same system, I'd recommend the following:
If the two routines are running in the same domain, you can even set the random/unique/temporary key into a cookie; your INET routine can then retrieve the cookie and read the "secret" information (rather than getting the random/unique/temporary key from the URL).
Now, if they're not on the same machine, that's more complicated…
- Bryan Shumsky
Revelation Software
At 19 JUL 2011 02:26PM Bill North wrote:
Hi Bryan,
Thanks I like the cookie idea!
Can the O4WI_ENCRYPT routine be used to encrypt the key, then send to INET routine and decrypt?
Regards
Bill
At 19 JUL 2011 04:24PM bshumsky wrote:
Hi Bryan,
Thanks I like the cookie idea!
Can the O4WI_ENCRYPT routine be used to encrypt the key, then send to INET routine and decrypt?
Regards
Bill
The built-in encryption routines that O4WI_ENCRYPT uses are "one way hashes", I believe; they can encrypt, but won't decrypt, the value. It's a VERY STRONG RECOMMENDATION that you never send any information you want to keep secret to the browser; that's why I recommend the use of a file inside OpenInsight, and sending only "random" (non-guessable), temporary keys into that OpenInsight table. Even if that information is intercepted, it won't do anyone any good, no matter how much they work on it.
At 19 JUL 2011 04:36PM Bill North wrote:
Bryan,
Thanks for the explanation. I know good advice so I will use the method you suggest.
Regards
Bill North