W3C home > Mailing lists > Public > www-html@w3.org > October 2000

RE: Obfuscating downloaded URIs (was: Download question)

From: Shelagh Power <s.power@syzygy.net>
Date: Wed, 25 Oct 2000 12:33:55 +0100
Message-ID: <FBCE39CE4112D411AB3C00D0B7445969A6D931@mailpost.syzygy.net>
To: www-html@w3.org
>The answer is that it is fundamentally impossible
>to do it, as users can view source or bypass the 
>browser.

..but what about technologies such as .jsp where you can assign variables to
page names and therefore specify the name rather than the url in the servlet
links? 

Not html but I don't think this is impossible

-----Original Message-----
From: Dave J Woolley [mailto:david.woolley@bts.co.uk]
Sent: Wednesday, October 25, 2000 11:43 AM
To: www-html@w3.org
Subject: Obfuscating downloaded URIs (was: Download question)


> From:	Bakos Peter [SMTP:koka@makacs.poliod.hu]
> 
> Is there any way to hide the url of the downloadable file?
> 
[DJW:]  This appears to be a question about
a particular browser, not standard HTML, and 
therefore off topic.

The answer is that it is fundamentally impossible
to do it, as users can view source or bypass the 
browser.

It is also very undesirable from a security point of
view, as users need to make judgements on whether they
trust what is being downloaded.

You can obfuscate links to some extent by using non-HTML
techniquese, like Javascript, and that might work for
media types that don't display by default, but you can
still read source, and normal browsers will still include
part of the URI in the confirmation message.  
In fact, if any site tried to do this
to me with Javascript I'd definitely read the source to
make sure they weren't pulling any other tricks.  I'd
first have to turn scripting on!
-- 
--------------------------- DISCLAIMER ---------------------------------
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of BTS.


>  
Received on Wednesday, 25 October 2000 07:30:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:44 GMT