开发者

iframe security

I ve a task in which I insert on a page iframe only when user enters valid code. User enters a code I check whether its valid and if it is I ins开发者_开发问答ert iframe element on my site. It works great but I wonder if its possible to hide src of the iframe cause when one knows the source of the iframe can get onto this site whenever one want without valid code any more.

is it common problem ? what can I do about this ?


You can not hide the source. Find another way to do it.


You can't hide the src of an iframe. Even if you could hide it from the user, it's easy enough to find, after all, your browser has to make an HTTP request. It seems the easiest solution to your problem is just have something like:

if (code == whateverTheCodeIsSupposedToBe){
   Session["CorrectCode"] = true;
}

Then in your iframe page do:

if (Session["CorrectCode"] != true){
  Response.Redirect("SorryYouDontHaveTheRightCode.aspx");
}


As the others have said, the browser NEEDS the iframe source to draw it, so there really isn't a way to tell the browser the src and at the same time NOT tell it.

I'll try to add some value here with respect to your underlying problem. Why not pass the validation code that the user enters to the page inside the frame and have that page verify it is correct?

Then it doesn't matter if the user knows the src of the frame, without the validation code it won't do them any good.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜