Forum:

Advantage of using hidden variables

pvsr rao

Ranch Hand

Posts: 102

posted 16 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

What is the advantage of using hidden variables in jsp

William Brogden

Author and all-around good cowpoke

Posts: 13078

posted 16 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hidden variables in forms allow you to follow the state of the user without using cookies or sessions. Since many people try to avoid using cookies as a security measure, hidden variables are more universal.

Disadvantages:
1. Users can easily inspect the values by using "view source" in the browser.
2. You have to program your own equivalent of sessions if user state is anything more complicated than hidden variables can represent.

Bill

Jeanne Boyarsky

author & internet detective

Posts: 41878

909

I like...

posted 16 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Originally posted by William Brogden:

Disadvantages:
1. Users can easily inspect the values by using "view source" in the browser.

And worse: technical users can change them.

[OCP 17 book] | [OCP 11 book] | [OCA 8 book] [OCP 8 book] [Practice tests book] [Blog] [JavaRanch FAQ] [How To Ask Questions] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2

Java 8 (verified skill)
Skill verified by Jeanne Boyarsky

JUnit 5 (verified skill)
Skill verified by Jeanne Boyarsky

Raghavan Muthu

Ranch Hand

Posts: 3389

I like...

posted 16 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Originally posted by Jeanne Boyarsky:

And worse: technical users can change them.

means, they can alter them before the values are sent to the server? How is that possible by viewing the source?

Everything has got its own deadline including one's EGO!
[CodeBarn] [Java Concepts-easily] [Corey's articles] [SCJP-SUN] [Servlet Examples] [Java Beginners FAQ] [Sun-Java Tutorials] [Java Coding Guidelines]

Bear Bibeault

Sheriff

Posts: 67747

173

I like...

posted 16 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Copy and paste the page source. Make the changes. Display the page in the browser and submit.

Hidden variables are useful tools, but should never be used for secure values.

[Asking smart questions] [About Bear] [Books by Bear]

HTML 5 (verified skill)
Skill verified by Jeanne Boyarsky

CSS 3 (verified skill)
Skill verified by Jeanne Boyarsky

JavaScript (verified skill)
Skill verified by Jeanne Boyarsky

Gregg Bolinger

Ranch Hand

Posts: 15304

I like...

posted 16 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Some frameworks will encrypt hidden variable values and decrypt them once returned to the server so it is a bit more secure. But as has been stated, they should never be trusted 100%. Always validate the data on the server no matter what.

Raghavan Muthu

Ranch Hand

Posts: 3389

I like...

posted 16 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

That's true. Thank you all

Consider Paul's rocket mass heater.