Transaction Token will help, but it will not do everything you want to do. Max is right, this is the nature of Web application. Even with Transaction Token user, if he has a copy of the token, can still create request and hit your app without the app knowing about. Plus, not every resource in your app. Will have a transaction token, even if it is a lot of effort need to be made for every request to check and update token.
-----Original Message----- From: veera maria [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 8:20 AM To: [EMAIL PROTECTED] Subject: Re: Prevent URL requested directly from browser Yes... I know quite well the philosophy around this question but how about the technical implemantation? Have you any ideas about it? Has anyone used succesfully tokens to solve this kind of problem? I have seen technical solution to this kind of problen (and it worked), but can not remember it's details. So, please those who have experience give some tips. Br M.V >From: "Max Cooper" <[EMAIL PROTECTED]> >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >Subject: Re: Prevent URL requested directly from browser >Date: Tue, 9 Sep 2003 18:06:04 -0700 > >Keep these things in mind as you develop a solution: > >1. There is absolutely no way to prevent users from making whatever >requests >they want. Bookmarking, typing in URLs, emailing URLs, etc. are all >possible >and there is nothing that can be done to prevent people from making these >requests. > >2. You do have total control over how your web app responds to those >requests. > >-Max > >----- Original Message ----- >From: "veera maria" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Tuesday, September 09, 2003 11:11 AM >Subject: Prevent URL requested directly from browser > > > > Hello, > > > > What is the best way to prevent user to request web application's > > actions from browser manually? > > > > E.g. user is using web application and taking it's current url > > to clipboard. Then user goes e.g. to Google for surfing for a while. > > After surfing (s)he pastes web applications url back to browser's > > address field. > > Best technique in Struts applicaton to prevent this? > > > > Vera > > > > _________________________________________________________________ > > Tilaa nyt Hotmail postit kännykkääsi! http://www.msn.fi/mobiili/ > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > _________________________________________________________________ MSN Messenger - kaikki ystävät klikkauksen päässä! Lataa tästä ilmaiseksi. http://www.msn.fi/viestintapalvelut/Messenger --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message and any attachments are for the intended recipient(s) only and may contain privileged, confidential and/or proprietary information about Downey Savings or its customers, which Downey Savings does not intend to disclose to the public. If you received this message by mistake, please notify the sender by reply e-mail and delete the message and attachments. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
