Re: [chris] Hidding defined variables in POST
Hi Chris,
Thanks for replying. The reason for the "secrecy" is in the form being used; it will be used to make a payment to a 3rd party vendor gateway and the 'secret' fields consist of various information like terminal ID, terminal password, etc. As you can see, if I used the "hidden" form field approach, anyone viewing the source would have access to this information. The "version" field is just one of the required fields that must be sent to the vendor.
The alternative you mentioned is exactly what I was considering pending a non-feasible possibility using what I described; having the user data (credit card, name, etc) sent (POSTed) to another page where it would be processed in a more secure manner before sending to the 3rd party gateway along with the "secret" info for processing. I just haven't decided how or what language I would approach that with yet [unsure]
I'm not above considering a custom build but, like everyone now-days, do not have a big budget for this project. Can you give me an idea of how complex this might be in terms of time and I'll consult with my customer. I'd be happy to call and give more details.
Thanks!
Eric