in the
location bar, then the referrer would be blank. You can check that out
and send a status 500 in the header.
-Original Message-
From: Syed, Nazeer [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 7:11 PM
To: Struts Users Mailing List
Subject: RE: Disallow user to modify URL
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Disallow user to modify URL in browser address bar
Importance: High
You can check the HTTP_REFERRER host header info.
If you click an url (hyperlink) http://localhost:8080/app/str/testview_srchpost.do
which is given in http://localhost:8080
What you are wanting is not possible.
It's YOUR job (as a developer) to handle situations where they may have
done so.
Hint: unknown=true
Good Luck!!!
--
James Mitchell
Software Engineer / Struts Evangelist
http://www.struts-atlanta.org
678.910.8017
AIM:jmitchtx
-Original
Hallo,
you can, for example, add to url some hash with parameters and salt ...
Jiri
James Mitchell wrote:
What you are wanting is not possible.
It's YOUR job (as a developer) to handle situations where they may have
done so.
Hint: unknown=true
Good Luck!!!
--
James Mitchell
Software
PROTECTED]
Sent: Friday, 22 August 2003 19:22
To: 'Struts Users Mailing List'
Subject: RE: Disallow user to modify URL in browser address bar
What you are wanting is not possible.
It's YOUR job (as a developer) to handle situations where they may have
done so.
Hint: unknown=true
Good Luck
If the user is allowed to view the page, then no problem. If he is not..
then you should have some sessionid authentication and user role and
privilige authentication in every page.
I think that's the only way of preventing a user to go to a restricted
page.
thanks
-raj
how reliable is this!
Sriram
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Struts Users Mailing List
Subject: Re: Disallow user to modify URL in browser address bar
If the user is allowed to view the page, then no problem
If testview_srchpost.do and testtwoview_srchpost.do are valid action
then you cannot restrict. This means testview_srchpost.do,
esttwoview_srchpost.do are in Struts Config File
If that testtwoview_srchpost.do not Valid action then It will go default
page or Error Page
Thanks
Nazeer
: Rajendra X.
Yadav/EMPL/India/[EMAIL PROTECTED]
Subject: RE: Disallow user to modify
URL in browser address bar
22/08/2003 06:13
On Fri, 22 Aug 2003, Andrew Hill wrote:
Date: Fri, 22 Aug 2003 19:31:18 +0800
From: Andrew Hill [EMAIL PROTECTED]
Reply-To: Struts Users Mailing List [EMAIL PROTECTED],
[EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Subject: RE: Disallow user to modify URL in browser
10 matches
Mail list logo