Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Hide URL

 
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i'm using an html link not in html form and i would like to hide the url when i press on this link , how can i do it ?
 
best scout
Posts: 1294
Scala IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Mohamad,

the URL a link points to has to be known to the browser and so is inevitably visible to a user.

I think the only thing you can do about this, is to obfuscate a link by using some kind of dynamically generated pseudo URL. Still at least the hostname of the target would still be known to the user.

What's the point in hiding the URL?

Marco
 
Mohamad Ibrahim
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Marco for your interest .
i cannot use pseudo because the parameters are from the database which are added by the user like username .
and i want to hide the URL for security i cannot let the user to change the username parameter from the URL and view his or her data without login first .
notice that i receive those parameters from another application coded by ASPX which get them from the database
 
Marco Ehrentreich
best scout
Posts: 1294
Scala IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Mohamad,

although I don't have very detailed information about your project this sounds to me like you're trying to establish something like a user sessions by adding user credentials as parameters to URLs. I think this "authentication mechanism" is not very secure, regardless if the user sees a link to change the parameters or uses other tools to inject the parameter he wants.

Why don't you use the usual session handling mechanism of Java web applications, i.e. session cookies or unique session IDs in the URL? This way the Servlet container can take care of user authentication and authorisation which also prevents a user to access a protected URL without a valid session (after his login).

Or maybe I just don't understand your requirements. What exactly does the said ASPX application do? Does it log into your application using the user name and password as URL parameters? Then another way to communicate would probably be more appropriate.

Marco
 
Marshal
Posts: 67418
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hiding the URL will provide no measure of security. The end user will easily be able to see the parameters using any number of network and browser tools. And unless you are using SSL, the information is passed in clear text over the network where anyone can see it.

If you are concerned with security (as you should be), then taking real security measures is necessary. Hiding the URL isn't one of them.
 
Mohamad Ibrahim
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Marco and Bear Bibeault
It is clear for me now , thanks for help
 
today's feeble attempt to support the empire
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic