Hiding actual link in hyperlink

I have

echo <a href=\"javascript:;\"  onClick=\"window.open('". $link ."','no','scrollbars=yes,width=550,heig开发者_如何学Pythonht=400')\" >View report</a>

$link contains sensitive information, so I'm wondering if there is a simple way to prevent this link showing up explicitly when you "view source code" on the browser. Any alternative to href would be fine. I just need to give the user an option to click and see his processing result after he submits some data. I would like to avoid having auto popups as soon as the processing is submitted.

UPDATE: so the $link is a GET URL that includes a user ID and password.. It's internal right now so it's fine, but I'm thinking of putting this on our online server in the future. I'm very much a novice with PHP, so this is probably not in the near future as I don't know much about security features that need to be implemented for a live site on the Internet. Right now, it seems that utilizing a database would be the best way to go. Correct me if I'm wrong, please, and thanks for all of the support!

If the user has to navigate to the link, there is no way to actually hide the information. You should rethink how your process works so sensitive information is not displayed in the link.

Perhaps you can store the information in a database table and the link would just use the id of the row that has the information.

Simply put: No. If you send me to a URL, I will be able to see it using some sort of tool. Wireshark, Fiddler, etc. Consider using a different link structure.

If the user already owns a session, this is an option:

If you render a page and need to protect this given sample secret URL

http://www.MyHost.com/?what?secret&id=23232

save the URL in the user's session and associate a hash value with the secret URL.

Instead of sending the URL to the result HTML-page, insert another URL, e.g.

http://www.MyHost.com/?continueWith=<hashValue>

If this URL gets called, check the user's session and retrieve and delete the secret URL. Then continue to evaluate, as if the user had called the secret URL.

This way, no parameter of the original secret URL ever reaches the user's browser.

To refine the schema, attach a lifetime to the URL saved in the session. If a request comes later as the end of life, return an error.

If you protect all URL in such a way, users won't be able to call arbitrary URLs, since all acceptable URLs are those inside their sessions. Thus, a user will even not be able to change parameters of less secret URLs.

How is $link generated in the first place? If it is sensitive, this implies that the user has already been authenticated somehow. Thus, the information in $link can be stored in the session where it's safe

Save all the information in your PHP session (or preferably the session system your PHP framework uses) and then just send some kind of non-db-associated identifier in the link so that the code knows what you want to do next.

For example you could have a link to "http://www.yourdomain.com/sec/special_action/4" with "sec" meaning secure, "special_action" being the name of the action to take, and "4" being the action id reference.

So lets say you have to have it associated to their social security number. Then you would in your back end use a salted hash to encrypt the SSN and save it to the session data. You then append it to the end of your session array and get an array count. If it returns 5 then you know that the encrypted SSN is saved in index 4 (since PHP uses 0 based indexing). So you send along that index as part of the link to confuse things even more. Heck you can even salt and hash the index if you want.

The user clicks on the link, the code finds the index, grabs the encrypted content, decrypts it, then uses it. Easy and secure.