You're subscribing to a mythical line of reasoning.  You're trying to
protect against page-scraping by using URL obfuscation to hide the meaning
of query string parameters.  I have actually done (legitimate, legal,
purposeful) page scraping in the past for a couple of tasks - believe me -
you are only going to slow down a page scraper by about thirty seconds.  If
you really have data worth scraping, it doesn't matter if I have to do this:

1 - pull up homepage
2 - determine that I can change "/foo/1" to "/foo/2" to get the second page

or this:

1 - pull up homepage
2 - determine that I have to look for a link by search pattern .someclass
someelement a#next-page and use the href of that link to get second page of
results

And (as a page scraper) - I wouldn't even care that I need to have a session
for the crypted url strategy to work.  I can easily do that with any number
of http bot clients (including httpunit, etc).

Bottom line is: if you use "security by obscurity", you're only fooling
yourself into thinking it's secure.  If you need something secured, put a
paywall in front of it.  (Of course, then I'll just buy an account and
scrape it anyway if I'm a determined competitor).

--
Jeremy Thomerson
http://www.wickettraining.com



On Tue, May 11, 2010 at 9:13 AM, Fernando Wermus <[email protected]> wrote:

> Jeremy,
>     There is a database with a huge amount of data that could be collected by
> someone else. If the url has a clear meaning, to say: /data/0, /data/1.
> They can get all the data from there. I would like to have fixed and
> encrypted urls.
>
> On Mon, May 10, 2010 at 4:17 PM, Jeremy Thomerson <[email protected]> wrote:
>
> > What is a hacker going to get from a URL like "/somepage"?
> >
> > --
> > Jeremy Thomerson
> > http://www.wickettraining.com
> >
> >
> >
> > On Mon, May 10, 2010 at 2:06 PM, Fernando Wermus <[email protected]> wrote:
> >
> > > Igor,
> > >    Wicket in Action explains
> > > "... Using this code, Wicket will encrypt all your URLs—including
> > > bookmarkable URLs. ...".
> > >
> > > I need a fixed entry point for my stateless page, but not readable for
> > > humans, because some hacker would like to extract all the information
> > > from the site.
> > >
> > > How can I achieve this?
> > >
> > >
> > > On Mon, May 10, 2010 at 4:01 PM, Igor Vaynberg <[email protected]> wrote:
> > >
> > > > afair crypted strategy only encodes non-bookmarkable urls. it does not
> > > > encode bookmarkable urls because those are meant as entrypoints into
> > > > your application.
> > > >
> > > > -igor
> > > >
> > > > On Mon, May 10, 2010 at 11:38 AM, Fernando Wermus
> > > > <[email protected]> wrote:
> > > > > Hi all,
> > > > >    I create a PagingNavigator stateless. Instead of using a model to
> > > > > have the number page shown, my StatelessPagingNavigator shows the
> > > > > number through parameters. I hope that the page number wouldn't have
> > > > > been shown using CryptedUrlWebRequestCodingStrategy, but it does.
> > > > > This is rather weird; I hope anyone could point me out some solution.
> > > > > Is my class written wrongly in some way?
> > > > >
> > > > >
> > > > > public class StatelessPagingNavigator extends PagingNavigator {
> > > > >     private static final long serialVersionUID = 3576836044400027436L;
> > > > >
> > > > >     public StatelessPagingNavigator(String id, DataView dataView) {
> > > > >         super(id, dataView);
> > > > >     }
> > > > >
> > > > >     @Override
> > > > >     protected Link newPagingNavigationIncrementLink(final String id,
> > > > >             IPageable pageable, int increment) {
> > > > >         PageParameters p = new PageParameters();
> > > > >         p.add("increment", String.valueOf(increment));
> > > > >         p.add("pageNumber", String.valueOf(pageable.getCurrentPage()));
> > > > >         Link link = new BookmarkablePageIncrementLink(id, pageable,
> > > > >                 getPage().getClass(), p) {
> > > > >             private static final long serialVersionUID = 1L;
> > > > >
> > > > >             public boolean isEnabled() {
> > > > >                 return super.isEnabled()
> > > > >                         && StatelessPagingNavigator.this.isEnabled()
> > > > >                         && StatelessPagingNavigator.this.isEnableAllowed();
> > > > >             }
> > > > >         };
> > > > >         return link;
> > > > >     }
> > > > >
> > > > >     @Override
> > > > >     protected Link newPagingNavigationLink(final String id,
> > > > >             final IPageable pageable, int pageNumber) {
> > > > >         PageParameters p = new PageParameters();
> > > > >         p.add("pageNumber", String.valueOf(pageNumber));
> > > > >         return new BookmarkablePagingNavigationLink(id, pageable,
> > > > >                 getPage().getClass(), p) {
> > > > >             private static final long serialVersionUID = -3076648671049640420L;
> > > > >
> > > > >             public boolean isEnabled() {
> > > > >                 //return false;
> > > > >                 return super.isEnabled()
> > > > >                         && StatelessPagingNavigator.this.isEnabled()
> > > > >                         && StatelessPagingNavigator.this.isEnableAllowed();
> > > > >             }
> > > > >         };
> > > > >     }
> > > > >
> > > > >     @Override
> > > > >     protected PagingNavigation newNavigation(final IPageable pageable,
> > > > >             final IPagingLabelProvider labelProvider) {
> > > > >         return new PagingNavigation("navigation", pageable, labelProvider) {
> > > > >             private static final long serialVersionUID = 1102823179571300337L;
> > > > >
> > > > >             @Override
> > > > >             protected Link newPagingNavigationLink(final String id,
> > > > >                     final IPageable pageable, int pageIndex) {
> > > > >                 PageParameters p = new PageParameters();
> > > > >                 p.add("pageIndex", String.valueOf(pageIndex));
> > > > >                 return new BookmarkablePagingNavigation(id, pageable,
> > > > >                         getPage().getClass(), p) {
> > > > >                     private static final long serialVersionUID = -3076648671049640420L;
> > > > >
> > > > >                     public boolean isEnabled() {
> > > > >                         return super.isEnabled()
> > > > >                                 && StatelessPagingNavigator.this.isEnabled()
> > > > >                                 && StatelessPagingNavigator.this.isEnableAllowed();
> > > > >                     }
> > > > >                 };
> > > > >             }
> > > > >         };
> > > > >     }
> > > > > }
> > > > >
> > > > > thanks in advance
> > > > >
> > > > > --
> > > > > Fernando Wermus.
> > > > >
> > > > > www.linkedin.com/in/fernandowermus
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Fernando Wermus.
> > >
> > > www.linkedin.com/in/fernandowermus
> > >
> >
>
>
>
> --
> Fernando Wermus.
>
> www.linkedin.com/in/fernandowermus
>
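
Added example, not part of the original thread and not Wicket code: a self-check a site owner can run to see whether opaque URLs reduce what a link-following client reaches compared with readable `/data/N` URLs. The in-memory site, the `SECRET` key, the keyed-token stand-in for an encrypted URL and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from html.parser import HTMLParser

SECRET = b"constructed-demo-key"             # hypothetical server-side key
RECORDS = [f"record {i}" for i in range(5)]  # constructed data set


def readable_url(n):
    return f"/data/{n}"


def opaque_url(n):
    # Stand-in for an encrypted URL: a keyed token with no visible page number.
    digest = hmac.new(SECRET, str(n).encode(), hashlib.sha256).hexdigest()
    return "/x/" + digest[:16]


def build_site(url_for):
    """Map URL -> HTML; every page except the last links to its successor."""
    site = {}
    for n, record in enumerate(RECORDS):
        nxt = (f'<a id="next-page" href="{url_for(n + 1)}">next</a>'
               if n + 1 < len(RECORDS) else "")
        site[url_for(n)] = f"<p>{record}</p>{nxt}"
    return site


class NextLink(HTMLParser):
    """Records the href of the a#next-page element, if the page has one."""
    href = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("id") == "next-page":
            self.href = attrs.get("href")


def pages_reachable(site, entry):
    """Follow next-page links from the entry point; return the URLs visited."""
    seen, url = [], entry
    while url in site and url not in seen:
        seen.append(url)
        parser = NextLink()
        parser.feed(site[url])
        url = parser.href
    return seen


def coverage(url_for):
    """Fraction of the site reachable from page 0 by following links only."""
    site = build_site(url_for)
    return len(pages_reachable(site, url_for(0))) / len(site)
```

Both URL schemes give a coverage of 1.0: the client never has to interpret the URL, because each page hands it the next link.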
