
CFWheels: Redirect to URL with Params Hidden


I am using the redirectTo() function with params to redirect to another page with a query string in the URL. For security purposes this does not look appealing because the user can change the parameters in the URL, thus altering what is inserted into the database.

My code is:

redirectTo(action="checklist", params="r=#r#&i=#insp#&d=#d#");

Is there any way around this? I am not using forms, I just wish to redirect and I want the destination action/controller to know what I am passing but not display it in the URL.


Solution

  • You can obfuscate the variables in the URL. CfWheels makes this really easy.

    All you have to do is call set(obfuscateURLs=true) in the config/settings.cfm file to turn on URL obfuscation.

    I am sure this works with the linkTo() function. I hope it works with the RedirectTo() function as well. I do not have a setup to check it now. But if it doesn't work for RedirectTo(), you can use the obfuscateParam() and deObfuscateParam() functions to do the job for you.

    Caution: This will only make it harder for the user to guess the value. It doesn't encrypt the value.

    To know more about this, please read the documentation on configuration and defaults and on obfuscating URLs.
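
The caution above is the key point: obfuscation hides the values but does not stop a user from editing them. As an added example (not from the original post or from the CFWheels project), one way to make edits detectable is to sign the redirect parameters with an HMAC and verify the signature in the destination action. The controller layout, the function names and `application.signingKey` are assumptions.

```cfml
// Added example. Hypothetical controller; application.signingKey is an assumed
// random secret created at application start and never sent to the browser.
component extends="Controller" {

    // HMAC over the three values. Each value is length-prefixed so that
    // different (r, i, d) triples can never produce the same signed message.
    private string function signValues(required string r, required string i, required string d) {
        var msg = len(arguments.r) & ":" & arguments.r & "|"
                & len(arguments.i) & ":" & arguments.i & "|"
                & len(arguments.d) & ":" & arguments.d;
        return lCase(hmac(msg, application.signingKey, "HmacSHA256"));
    }

    // Compare two hex digests without stopping at the first differing character.
    private boolean function sameDigest(required string a, required string b) {
        if (len(arguments.a) != len(arguments.b)) {
            return false;
        }
        var diff = 0;
        for (var n = 1; n <= len(arguments.a); n++) {
            diff = bitOr(diff, bitXor(asc(mid(arguments.a, n, 1)), asc(mid(arguments.b, n, 1))));
        }
        return diff == 0;
    }

    // Source side: same redirect as in the question, plus a signature parameter.
    private void function redirectToChecklist(required string r, required string insp, required string d) {
        var sig = signValues(arguments.r, arguments.insp, arguments.d);
        redirectTo(action="checklist", params="r=#arguments.r#&i=#arguments.insp#&d=#arguments.d#&sig=#sig#");
    }

    // Destination action: refuse the request before anything reaches the database.
    public void function checklist() {
        for (var name in ["r", "i", "d", "sig"]) {
            if (!structKeyExists(params, name)) {
                throw(type="InvalidRequest", message="Missing parameter: " & name);
            }
        }
        var expected = signValues(params.r, params.i, params.d);
        if (!sameDigest(expected, lCase(params.sig))) {
            throw(type="InvalidRequest", message="Parameters were modified after the redirect.");
        }
        // params.r, params.i and params.d are now the values the server issued.
    }
}
```

The signature detects changes to r, i and d, but it does not hide them or stop a previously issued link from being reused, so the destination action still needs its own authorization check on the records it writes.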