
URL rewriting

 
Chetan Sahasrabudhe
Ranch Hand
Posts: 75
As explained, URL rewriting will be used when cookies are not supported on the client machine.

Once I start encoding the URL, the client will receive

http://<server name>:<port number>/<servlet-name>:<session id>

If the user is smart enough, he/she would copy the response and revert back with the same response from another machine.

This shall work till the session is alive.

I see a major security threat in this kind of solution.

Do you agree with me, or do I not know something important that makes URL rewriting a secure thing?
 
Narendra Dhande
Ranch Hand
Posts: 951
Hi,

The session ids are passed in the payloads (body of the response), not in the URLs in the browser window normally. For security there are other mechanisms like SSL, so another person cannot see/alter the contents. If the client itself wants to tamper with the response, anyway cookies are stored on his computer. So he can also play with the cookies and find the session ids. Cookies are not considered safe; that is why some people disable them.

Nothing is 100% secure on the internet. It depends on the application needs, security policies defined, etc. As there are more and more evaluations in technologies, the hackers also use more and more sophisticated tools.

This is my opinion, please comment.

Thanks
 
wise owen
Ranch Hand
Posts: 2023
URL rewriting and cookies are session tracking techniques. Session Tracking.
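
Added example, not part of any post in this thread: a log check for the concern raised in the first post, flagging a URL-embedded session ID that arrives from more than one client address. It assumes common-log-format access logs and the `;jsessionid=<id>` path parameter that servlet containers use when rewriting URLs; the log lines, addresses and IDs are constructed.

```python
import re
from collections import defaultdict

# Servlet containers append the ID to the path as ";jsessionid=<id>" when rewriting URLs.
JSESSIONID = re.compile(r";jsessionid=([A-Za-z0-9._-]+)", re.IGNORECASE)
# Minimal common-log-format matcher: client address, then the quoted request line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')

# Constructed sample access-log lines (documentation addresses, made-up IDs).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/cart;jsessionid=A1B2C3D4E5F6 HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /shop/pay;jsessionid=A1B2C3D4E5F6?step=2 HTTP/1.1" 200 734
198.51.100.7 - - [01/Jan/2024:10:03:11 +0000] "GET /shop/cart;jsessionid=A1B2C3D4E5F6 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:04:00 +0000] "GET /shop/cart;jsessionid=0F9E8D7C6B5A HTTP/1.1" 200 498
203.0.113.5 - - [01/Jan/2024:10:04:30 +0000] "GET /shop/index HTTP/1.1" 200 1200
not a log line
"""

def sessions_by_client(log_text):
    """Map each URL-embedded session ID to the set of client addresses that sent it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target = m.groups()
        sid = JSESSIONID.search(target)
        if sid:
            seen[sid.group(1)].add(client)
    return dict(seen)

def shared_sessions(log_text):
    """Return session IDs presented by more than one client address."""
    return {sid: sorted(clients)
            for sid, clients in sessions_by_client(log_text).items()
            if len(clients) > 1}

def redact(target):
    """Strip the session ID from a request target before it is stored or forwarded."""
    return JSESSIONID.sub(";jsessionid=[REDACTED]", target)

if __name__ == "__main__":
    for sid, clients in shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used from {clients}")
```

A hit is a lead to review rather than proof of misuse, since one user can legitimately appear from several addresses (NAT pools, mobile networks). The fact that the ID shows up in the access log at all is part of the exposure, which is why `redact` is included.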
 