Securely pass data


muppet77

Hi. I've got a setup at the moment that goes:

1. User completes an HTML form which gets passed by hidden forms to

2. A php/HTML page that uses this data by POST to then draw a graph in

3. Using phplot. Again the data is passed on a hidden form and POSTs are used.

My question is how can I change the setup so that users cannot access the posted data?

Thank you.


Hi. My description and explanations are pretty simple I'm afraid - only because of my newness to this.

I've cobbled together some php pages and the user inputs some requirements in an HTML "hidden" form which is then passed to the next php page. A POST command gets the previously inputted data and then draws a graph in phplot.

I've done it this way as it's the only way I know how.

Is there a way where the user can't see the "hidden" data that is passed on by the php pages (as some of it comes from an equation that I'd like to remain secret)?

Thanks.


Is there a way where the user can't see the "hidden" data that is passed on by the php pages

No. If you send it as a part of the page, the user can do whatever they want with it.

Maybe look into sessions here to store the values? I assume they're specific to each user's request and that's a reason why they can't just be PHP variables/constants/functions strictly in the PHP script?


Yes, they are specific to each user.

The second php page then manipulates this data to get new values.

These values are the ones I don't want the user to see.

These new values are then passed to script three where the graph is drawn in phplot.

Ideally I just want them to get the final graph without being able to see the POSTED data.

You mention sessions....?


The second php page then manipulates this data to get new values.

These values are the ones I don't want the user to see.

These new values are then passed to script three where the graph is drawn in phplot.

The second page should also produce the plot. There's no need for a third page.


Yeah, why can't you draw the graph on page 2?

Honestly, if you want any more advice past this, you're going to need to start sharing code for each of the pages, so we can see what's really going on. Blank out your secret formulas, if necessary, but we have to see the flow clearly.


Thanks. I've read up on sessions and had a go in php, successfully getting a variable from one page to another.

General question - can a variable in a session be viewed by a user at all if it is not echoed?

E.g. using Firebug or something to see what's happening behind the script?

Thanks


General question - can a variable in a session be viewed by a user at all if it is not echoed?

E.g. using Firebug or something to see what's happening behind the script?

No, the user only sees the reference to the data, something the server uses to identify where the real data is at for that user. The data only exists on the server.

EDIT: That said, it's not a "secure" place to store things. You could echo $_SESSION or something containing session values accidentally or leave up a test script that exposes it or have a PHP vulnerability that can expose it.

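The approach the replies converge on (compute and plot in the same script, keep derived values in the session rather than in hidden fields), sketched as an added example that is not code from any poster in this thread. The form field names `a` and `b`, the file name `plot.php` and `secret_formula()` are hypothetical, and `phplot.php` is assumed to be on the include path.

```php
<?php
// plot.php: added example, not code from the thread. One script both
// computes the derived values and renders the graph, so the values never
// travel through the browser. Field names and secret_formula() are
// hypothetical stand-ins.
declare(strict_types=1);
require_once 'phplot.php';

session_start();

// Placeholder for the private equation (hypothetical).
function secret_formula(float $x, float $a, float $b): float
{
    return $a * $x * $x + $b;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate the user-supplied inputs; reject anything non-numeric.
    $a = filter_input(INPUT_POST, 'a', FILTER_VALIDATE_FLOAT);
    $b = filter_input(INPUT_POST, 'b', FILTER_VALIDATE_FLOAT);
    if (!is_float($a) || !is_float($b)) {
        http_response_code(400);
        exit('Invalid input');
    }
    // Derived values stay server-side in the session, not in a hidden field.
    $points = [];
    for ($x = 0; $x <= 10; $x++) {
        $points[] = ['', $x, secret_formula((float)$x, $a, $b)];
    }
    $_SESSION['plot_points'] = $points;
    // The page only references the image; no data is embedded in the HTML.
    echo '<img src="plot.php?img=1" alt="Result graph">';
    exit;
}

if (isset($_GET['img'])) {
    if (empty($_SESSION['plot_points'])) {
        http_response_code(404);
        exit;
    }
    $plot = new PHPlot(800, 600);
    $plot->SetDataType('data-data');   // rows are [label, x, y]
    $plot->SetPlotType('lines');
    $plot->SetDataValues($_SESSION['plot_points']);
    $plot->DrawGraph();                // sends the PNG; only pixels reach the browser
    exit;
}
```

The browser holds only the session cookie and the rendered image, but anything drawn on the graph can still be read off it, so intermediate values that must stay private should not be plotted directly.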

Archived

This topic is now archived and is closed to further replies.
