is there a possibility to encrypt or just don't display the Get Parameters in the Internetbrowser when im using JavaServlets on Tomcat?
that means for example: localhost/main?id=3
should be displayed like this: localhost/main or localhost/main?6puu4YjzScxHsv9t....
Is there a simple and fast solution? Does this make sense?
Thx for your tips..
You could use POST instead of GET on your HTML form. This will turn localhost/main?id=3 into localhost/main. The parameter id will still be passed and you should be able to retrieve its value in the same way, on the server-side.
Related
I have a rails application in which I would like to generate a url based on a parameter, but for that parameter to be hidden from public view. So essentially working like a POST request but being able to be typed in like a GET request.
For example using a QR reader I could have the address as www.site.com/qr?lot_no=18007 but when a user scans the QR image it only shows www.site.com/qr but displays the results related to lot_no=18007.
Not sure if this is possible or not. But any help would be greatly appreciated.
If all you want to do is to prevent it from showing up in the address bar of the browser, you could use Rails.ajax to make the request dynamically through Javascript.
That will at least hide it from casual inspection, but there is no way to suppress the parameters from the query string on a GET completely, so anyone looking at the Networks tab in the browser (for example) would still see them.
Another alternative would be to encrypt the parameter value.
Maybe the Friendly id gem may be of help here
The following is an example of it's use is
http://example.com/states/washington
instead of:
http://example.com/states/4323454
This is not going to work with a post request as you mention though. It is a way of using a get request that would normally send an id in the params hash to retrieve existing records.
The gem can be found here https://github.com/norman/friendly_id
It is well maintained and up to date
Configure different route for public facing URL, the URL should include encrypted lot id as a path param.
routes.rb
get '/view_lot/:id' => 'QrCodesController#view_lot`, as: :public_view_lot
now in QrCodesController add action view_lot
def view_lot
encrypted_id = params[:id]
id = decrypt_it(encrypted_id)
#lot = Lot.find(id)
render "your_template"
end
in you QR code generation, pass URL to above action with encrypted id like public_view_lot_url(lot_id)
I want to pass a variable in my URL but not show it in the URL for SEO purposes
e.g www.mywebsite.com/Search?city=NYC should looks like www.mywebsite.com/Search and still be able to retrieve the value of "city" on the page.
Thanks
Simply use a POST request and you're done. However, is a common pratice to use GET request for search forms because the user can bookmark the url. Using POST, this isn't possible.
I just used Rewrite rules to accomplish this.
When I allow a user to enter text using s:textfield, he can enter something like <b>Name</b> or something like \Me/. I want that these should be escaped before I am saving them to the database. When we retrieve them, the escaping is done automatically, but I want it to happen also when we are saving it.
I was trying to return a json output from my action class, but due to a name \a/ stored in my database, wrong json was being formed. This would have been avoided if the name had been escaped before being saved into the database.
You can use StringEscapeUtils. You can call escapeJavascript(textfield) in your action and then store it into the database.
#Daud, The problem you explained is called Cross site scripting or XSS.
And I think you should use Filters to clean the request parameters. This is the most sophisticated way. You can call these filters for the actions which are posting some parameters via request.
Visit my blog to see how to avoid XSS threat using Filter approach.
I also faced this issue when our project was tested by well known firm specializing in security testing and they suggested this filter approach.
You can give it a try.
i want to pass a parameter in url blank but localhost server tell that it is bad url. are i can make them work in MVC 3
the url is
http://localhost:6251/time/saturdau/first/second//nextparameter
you can see that third parameter is blank here. are this request can work whenever 4th parameter pass without passing 3rd paramter.
what i do to make this work.
rather put a work around on this say you make a convention if the parameter passed is null you may try passing something like my_conventional_null_indicator
so instead of making it look like this
http://localhost:6251/time/saturdau/value1/34//70
do this
http://localhost:6251/time/saturdau/value1/34/my_conventional_null_indicator/70
but the best way would still be the conventional way
http://localhost:6251/time/saturdau?param1=value1¶m2=34¶m3=¶m4=70
or the much better way is to maximize the capability of the RouteValueDictionary.
This is not allowed. You can have optional parameters, but they must be the last segment in the URL. You can't have an optional parameter in the middle.
I'm considering using the hash method to create static urls to content that is managed by ajax calls in a Asp.Net MVC. The proof of concept i'm working on is a profile page /user/profile where one can browse and edit different sections. You could always ask for the following url /user/profile#password to access directly to you profile page, in the change password section
However, i'm wondering if i'm not starting this the bad way, since apparently i can't access the part after the hash in any way, except by declaring a route value for the hash in global.asax. So i'm wondering if this is the right way to access this part of the url?
Am i supposed to declare a route value, or is there another way to work with hash values (a framework, javascript or mvc)?
Edited to add:
In pure javascript, i have no problem using the window.location.hash property, i'm not sure though how standard it is in today's browsers, hence the question about a javascript framework/plugin that would use it.
The thing is that the part that follows the hash (#) is never sent to the server into the HTTP request so the server has absolutely no way of reading it. So no need to waste time in searching for something that doesn't exist.
You could on the other hand tune your routes to generate links that contain the hash part so that client scripts can read it.
Send the hash value document.location.hash as a parameter to the controller action of your choice.
This can be done in the code if needed...
RedirectResult(Url.Action("profile") + "#password");
should work fine