hiding the URL!?

2 New Member
Hi!...please help...

I am unsure of the best approach to a problem I need to overcome.
Basically I auto e-mail my user community a URL for their particular entry on a database when a ticket is raised for them, this URL contains an ID to the record each user needs to access (searches). The problem is a User can modify the URL to see other entries simply by changing the ID...The app generates its own pages and interfering with the Java behind these pages would be inappropriate. What I was wondering is whether there was a method by which I could hide the URL in the address bar perhaps by using frames somehow passing the ID as a variable from the email that I can construct?...or have some kind of script to hide the URL or redirect the page somehow?...can anybody suggest a good approach or point me in the right direction the ID will change every time?...I know this might sound a little odd but it's all I have to work with with the app I have...

thanks

P
Feb 26 '06 #1
Banfa
9,065 Recognized Expert Moderator Expert
I don't know for sure but the methods you suggest would only stop someone with little IT knowledge from viewing the URL.

For instance you could use a frameset, the url you want hidden would not appear in the address bar, however it would be in the text of the frameset and all a user would have to do to find that url would be to view the source of the frameset.

I would suggest having both the ID and username in the URL and only displaying the data if the ID matches the username, this way your users cannot just change the ID to view someone else's data. Of course this would not work in an office environment where someone could easily guess another person's username.

Alternatively trust your users?
Feb 26 '06 #2
Niheel
2,460 Recognized Expert Moderator Top Contributor
You could create a random 10 character key with each ticket ID. Send the key with the ID in the URL. When you show the ticket via the browser check to make sure that the ticket ID matches the random key. It's hard for people to guess random keys.

example URL:

    http://www.mydomain.com/ticket.php?ticketid=3232&rkey=d484kafq46
Feb 26 '06 #3
peternemo77
2 New Member
> You could create a random 10 character key with each ticket ID. Send the key with the ID in the URL. When you show the ticket via the browser check to make sure that the ticket ID matches the random key. It's hard for people to guess random keys.
>
> example URL:
>
>     http://www.mydomain.com/ticket.php?ticketid=3232&rkey=d484kafq46

Thanks for the feedback...however I have already been down that route. Basically a generic U/P are used along with the ID in the URL, and I know it sounds a bit strange, I can't pass a key like this because of various constraints with the app...all I can do is somehow redirect the URL...I was thinking of some sort of script to control the URL from a redirect somehow but can't figure out how to perform the query against the database and show the results and hide the ID?...I thought of the frame idea (RE:Banfa) also because I was looking into how to have the frame show the query meaning the URL would be hidden in the page for users not to see - I thought perhaps I could somehow hide the URL within the page or simply allow users to see the URL (if they really wanted - it's different if it's in the actual address bar) It's only an Intranet page - however I would like some code advice on either of these two approaches if possible...

R
Feb 26 '06 #4
Niheel
2,460 Recognized Expert Moderator Top Contributor
Well, if a generic (not actual employee's username/password) are passed along with the ticketid then you are safe. As long as the generic password and username aren't the same for every ticket.

Also, it's an intranet so you are somewhat in the clear. As far as redirects; I don't know what you would redirect to cuz you need an identifier such as the ticketid to tell you what ticket to display.

For this to be truly secure you need a key/hash that is random. Or request that the employee log in with their username and password (real) before they can view their ticket.
Feb 26 '06 #5
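
The random-key check suggested in replies #3 and #5, as an added example that is not part of the original thread or of any application mentioned in it. The `TicketLinks` class, the in-memory store and the ticket numbers are hypothetical, and the key here is 16 random bytes rather than the 10 characters suggested above.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

BASE_URL = "http://www.mydomain.com/ticket.php"  # example URL from the thread


class TicketLinks:
    """Issues per-ticket links and checks the key before a ticket is shown."""

    def __init__(self):
        # ticket_id -> SHA-256 of the random key (the key itself is not stored)
        self._key_hashes = {}

    def issue(self, ticket_id: int) -> str:
        # 16 bytes from the OS CSPRNG, about 22 URL-safe characters
        rkey = secrets.token_urlsafe(16)
        self._key_hashes[ticket_id] = hashlib.sha256(rkey.encode()).digest()
        return BASE_URL + "?" + urlencode({"ticketid": ticket_id, "rkey": rkey})

    def authorize(self, url: str):
        """Return the ticket id if the URL's key belongs to that ticket, else None."""
        params = parse_qs(urlsplit(url).query)
        try:
            ticket_id = int(params["ticketid"][0])
            rkey = params["rkey"][0]
        except (KeyError, ValueError, IndexError):
            return None
        # Unknown ids are compared against a dummy hash so both paths do the same work
        expected = self._key_hashes.get(ticket_id, bytes(32))
        supplied = hashlib.sha256(rkey.encode()).digest()
        if hmac.compare_digest(expected, supplied) and ticket_id in self._key_hashes:
            return ticket_id
        return None


def demo():
    links = TicketLinks()
    mine = links.issue(3232)   # constructed ticket ids
    links.issue(3233)
    # The user edits only the id in the address bar; the key no longer matches
    edited = mine.replace("ticketid=3232", "ticketid=3233")
    return links.authorize(mine), links.authorize(edited)
```

A key carried in a URL travels with the e-mail, so anyone the message is forwarded to can open that ticket; the real login mentioned in reply #5 does not have that property.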
