- From: Dave J Woolley <david.woolley@bts.co.uk>
- Date: Wed, 25 Oct 2000 12:58:57 +0100
- To: www-html@w3.org
> From: Shelagh Power [SMTP:s.power@syzygy.net] > > ..but what about technologies such as .jsp where you can assign variables > to > page names and therefore specify the name rather than the url in the > servlet > links? > [DJW:] That's server side, isn't it? How does the name get to the server. It is sent either as part of the URL or as a form parameter. For a specific browser, you might be able to embed that parameter into Java. It makes it more difficult to access, but not impossible - one can use a proxy, if necessary, to recover the data. You are locking out more and more users as you go along this road. Also, once you have server side intelligence, you no longer need to obfuscate the URL, as the server can vet each request, which was the real point that the other respondent was making. My guess is that this question arises from someone using cheap hosting space, which doesn't permit user CGI, or who doesn't have access to the programming skills to create something that is reasonably secure. If the problem is one of wanting to make the file cachable, I believe the standard approach is to change the name every day or so, to make leakage of the URL of limited duration. You can also try to force an end to end If-Modified-Since, although this can be defeated. -- --------------------------- DISCLAIMER --------------------------------- Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of BTS.
Received on Wednesday, 25 October 2000 07:59:10 UTC