wait wait I know!

<idea type="silly" today="friday" drink="beer">
Have only ONE url for the whole application.
Give every page a hidden field named "theRealUrl" and all links etc....
actually fire javascript that sets this hidden field and POST to that one
acceptable url, then you have a filter (or override ActionServlet) that uses
the value in "theRealUrl" to redirect the request appropriately. Any request
that doesnt have a value for "theRealUrl" gets shunted off to the access
denied page...
</idea>

hehe, or to quote James: "Good Luck!!!"

-----Original Message-----
From: James Mitchell [mailto:[EMAIL PROTECTED]
Sent: Friday, 22 August 2003 19:22
To: 'Struts Users Mailing List'
Subject: RE: Disallow user to modify URL in browser address bar


What you are wanting is not possible.
It's YOUR job (as a developer) to handle situations where they may have
done so.

Hint: unknown="true"

Good Luck!!!

--
James Mitchell
Software Engineer / Struts Evangelist
http://www.struts-atlanta.org
678.910.8017
AIM:jmitchtx




> -----Original Message-----
> From: sriram [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 22, 2003 2:16 AM
> To: 'Struts Users Mailing List'
> Subject: Disallow user to modify URL in browser address bar
>
>
> How to identify if user has manipulated the URL in Address
> Bar of the browser?
>
> For ex., the application displays a page with the following URL:
>
> http://localhost:8080/app/str/testview_srchpost.do
>
> Now, the user modifies the URL in the address bard. Instead
> of testview_srchpost.do, user types testtwoview_srchpost.do
> and clicks ENTER.
>
> I want to restrict such types of URL modification Struts
> application. I should take the user to a default access
> denied page when ever user does such changes.
>
> How to identify this action of the user? Pl. give some ideas.
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to