hello, is somebody please able to help me?

My problem is the way my visitors have to access the chat rooms:

http://my.host/palace/client/a.htm?DefName=THOMAS &DefAv=1&entryroom=90

The variable "DefName" contains the nickname "THOMAS", and as the url is now, everybody is able to change nickname by altering the url... and this is really bad (cloning, kidding, angry users...)

How can I prevent this?

I will also install a user management script, therefore I will require that my users register. But registration is useless untill everybody is able to change the nickname by altering the url. The "DefName" should therefore be loaded from the user db... but how do I crypt/masquerade the url?

Thanks a lot for your hints!!

Well it kinda seems that the problem might be the chat software you using... That sounds like a design bug on their end not yours...

If the user name must be sent through the URL like that there really is no way to secure it.

Obsfuscation is the only method, which really isn't good security.

One way would be to set the chat off in a frame therefore the URL won't be passed to the Address bar but, it's still in the status bar. That can be fixed with some javascript. I can't remember what it is off the top of my head you could def. find it in javascriptsource.com....

Even w/ all of that done a simple view source will still show the user name...

is there no way to call this url f.eg. by using a php script... or if necessary by any other language running under unix... and therefore altering the url so much making it impossible for users to understand how it works?

the java solution... well it would be better than nothing, but its not as I would like to have it.

thanks!