
Advantage of using hidden variables

 
pvsr rao
Ranch Hand
What is the advantage of using hidden variables in JSP?
 
William Brogden
Author and all-around good cowpoke
Rancher
Hidden variables in forms allow you to follow the state of the user without using cookies or sessions. Since many people try to avoid using cookies as a security measure, hidden variables are more universal.

Disadvantages:
1. Users can easily inspect the values by using "view source" in the browser.
2. You have to program your own equivalent of sessions if user state is anything more complicated than hidden variables can represent.

Bill
 
Jeanne Boyarsky
author & internet detective
Marshal
Originally posted by William Brogden:

Disadvantages:
1. Users can easily inspect the values by using "view source" in the browser.

And worse: technical users can change them.
 
Raghavan Muthu
Ranch Hand
Originally posted by Jeanne Boyarsky:

And worse: technical users can change them.


Means, they can alter them before the values are sent to the server? How is that possible by viewing the source?
 
Bear Bibeault
Author and ninkuma
Marshal
Copy and paste the page source. Make the changes. Display the page in the browser and submit.

Hidden variables are useful tools, but should never be used for secure values.
 
Gregg Bolinger
Ranch Hand
Some frameworks will encrypt hidden variable values and decrypt them once returned to the server so it is a bit more secure. But as has been stated, they should never be trusted 100%. Always validate the data on the server no matter what.
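
The server-side sealing described in the post above, as an added example that is not part of the original thread and not taken from any particular framework: it uses AES-GCM so an edited hidden value fails to decrypt instead of being accepted. The class name `SealedHiddenField`, its methods and the sample value `orderId=1001` are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical helper (an assumption, not a framework API): seals a hidden-field
// value with AES-GCM so the server detects any change made in the browser.
public class SealedHiddenField {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKey key;                       // stays on the server
    private final SecureRandom rng = new SecureRandom();

    public SealedHiddenField(SecretKey key) { this.key = key; }

    // Produces the text to place in the hidden input's value attribute.
    public String seal(String plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);                             // fresh IV for every value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);   // IV || ciphertext+tag
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Run on the submitted parameter; throws if it was altered or malformed.
    public String open(String sealed) throws GeneralSecurityException {
        byte[] in;
        try { in = Base64.getUrlDecoder().decode(sealed); }
        catch (IllegalArgumentException e) { throw new GeneralSecurityException("bad encoding", e); }
        if (in.length < IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SealedHiddenField f = new SealedHiddenField(kg.generateKey());
        String field = f.seal("orderId=1001");         // constructed sample value
        System.out.println("round trip: " + f.open(field));
        // Stand-in for a page that was saved, edited and resubmitted.
        String edited = (field.charAt(0) == 'A' ? 'B' : 'A') + field.substring(1);
        try { f.open(edited); System.out.println("accepted"); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e); }
    }
}
```

A value that opens successfully only shows it left the server unchanged; it can still be replayed, so checks on what the user may do with it stay on the server.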
 
Raghavan Muthu
Ranch Hand
That's true. Thank you all.
 