This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I can't append it to URL since that fails in security testing. The tools we use will capture the get parameters and replace them with some other values and try to extract data from database. Any suggestions ?
I will take a ajax based approach as Bear Bibeault suggested.
I got a solution based on jquery ajax using which i can initiate a POST request on link clicking.
Bear Bibeault wrote:A post is no more secure than a get.
From an application/sniffing point of view, I agree. I did hear of an interesting security difference: Get parameters are part of the URL and therefore show up in the web server access log. If something is only a little sensitive, they may not want it hanging out in the logs.