I would like to avoid passing variables by URL when I build links from one event to another between two views. My concern here is security and possible tampering with the URL query string. I managed to achieve this goal by leveraging hidden inputs in forms instead of using a query string with event.buildLink(). Typical use case is linking a list View (index.cfm) to other Views like in the example below:
index.cfm:
#car_carrier_cd# #car_carrier_nm# #car_awb_prefix#This way, the variable varCD become accessible in the Request Collection, but yet does not appear on the URL when the link is built. So far it works fine, but before I re-write all my code in this way, I would like to seek your opinion: does this practice make sense or is there a better way to achieve the same objective? Or, am I getting slightly paranoid with URLs?
Thanks
Philippe
A hacker can tamper with a form field just as easily as they can a URL variable. Also, changing every page in your site to be a POST sounds like a pain, since the user would be unable to refresh any pages without their browser yelling at them.