Post verses Get

watterson · Post by **watterson** » Wed Mar 01, 2006 1:22 pm

Is there a way to change the FORM METHOD="get" to FORM METHOD="post" when bring up the page:

http://<appliancename>.stsci.edu/texis/search/

We are trying to not expose the query string submitted to the appliance so that the profile name is not exposed and subsequently changed.

We have changed the "get"s to post"s" in the XSL, so after the first result page is returned the variables are hidden, but don't have access to the starting search page.

Post by **mark** » Wed Mar 01, 2006 1:58 pm

Use a form instead of an href to access the search. Give the profile name in a hidden variable instead of in the query string.

You know you're just obfuscating the profile name slightly, not really preventing the user from changing it. Just making it slightly more difficult. Right?

watterson · Post by **watterson** » Wed Mar 01, 2006 2:02 pm

Mark,

Ok, thanks for the help, we'll try that.

Yea, I know the profile will still be accessible. We what to hide it, and clean up the look of the url a bit. With the users we have, when you give them a little info, they will hack at it to see what else they can do.