
URL rewriting

 
Ranch Hand
Posts: 75
As explained, URL rewriting will be used when cookies are not supported on the client machine.

Once I start encoding the URL, the client will receive

http://<server name>:<port number>/<servlet-name>:<session id>

If the user is smart enough, he/she would copy the response and revert back with the same response from another machine.

This shall work till the session is alive.

I see a major security threat in this kind of solution.

Do you agree with me, or do I not know something important that makes URL rewriting a secure thing?
 
Ranch Hand
Posts: 951
Hi,

The session IDs are normally passed in the payloads (the body of the response), not in the URLs in the browser window. For security there are other mechanisms like SSL, so another person cannot see/alter the contents. If the client itself wants to tamper with the response, the cookies are stored on his computer anyway. So he can also play with the cookies and find the session IDs. Cookies are not considered safe; that's why some people disabled them.

Nothing is 100% secure on the internet. It depends on the application needs, the security policies defined, etc. As there are more and more evaluations in technologies, the hackers also use more and more sophisticated tools.

This is my opinion, please comment.

Thanks
 
Ranch Hand
Posts: 2023
URL rewriting and cookies are session tracking techniques. Session Tracking.
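
Added example, not part of the original thread: a detection sketch for the situation the first post describes, where a session ID carried in a rewritten URL is reused from a second machine while the session is still alive. It assumes the servlet containers' standard `;jsessionid=<id>` path-parameter form and a combined-format access log; the log lines, hosts and IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined format); all IPs, paths and IDs are made up.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "GET /shop/cart;jsessionid=A1B2C3D4E5F60718 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.10 - - [12/Mar/2024:10:00:09 +0000] "GET /shop/pay;jsessionid=A1B2C3D4E5F60718?step=2 HTTP/1.1" 200 734 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [12/Mar/2024:10:03:44 +0000] "GET /shop/cart;jsessionid=A1B2C3D4E5F60718 HTTP/1.1" 200 512 "-" "curl/8.5.0"
192.0.2.55 - - [12/Mar/2024:10:04:02 +0000] "GET /shop/cart;jsessionid=0F9E8D7C6B5A4321 HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.55 - - [12/Mar/2024:10:04:30 +0000] "GET /shop/list HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0)"
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# The path parameter ends at the next ';', '?', '#', '/' or whitespace.
SID_RE = re.compile(r';jsessionid=([^;?#/\s]+)', re.IGNORECASE)


def shared_session_ids(log_text):
    """Return {session_id: sorted [(ip, user_agent), ...]} for IDs seen from >1 client."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        sid = SID_RE.search(m.group("target"))
        if sid:
            seen[sid.group(1)].add((m.group("ip"), m.group("ua")))
    return {s: sorted(c) for s, c in seen.items() if len(c) > 1}


def redact(sid):
    """Keep a short prefix only, so the report does not itself leak usable session IDs."""
    return sid[:4] + "..."


if __name__ == "__main__":
    for sid, clients in shared_session_ids(SAMPLE_LOG).items():
        print(f"session {redact(sid)} used by {len(clients)} distinct clients:")
        for ip, ua in clients:
            print(f"  {ip}  {ua}")
```

A hit is a lead rather than proof, since a client's address can change mid-session. The fact that the IDs appear in the access log at all is part of the exposure that URL rewriting creates.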
 