There are no locks which thieves couldn't unlock or break - nevertheless the
locks keep 99% of them from trying - that is why we lock our doors at home.

The same applies here: I believe that at least some security will make more
than 90% of spam / scraper bots fail, while the other few percent do not
matter SO much that they couldn't be handled manually.

Another question is - is it worth trying so hard?

Žilvinas Vilutis

Mobile:   (+370) 652 38353
E-mail:   cika...@gmail.com


On Tue, May 11, 2010 at 10:17 PM, Jeremy Thomerson <
jer...@wickettraining.com> wrote:

> You're subscribing to a mythical line of reasoning.  You're trying to
> protect against page-scraping by using URL obfuscation to hide the meaning
> of query string parameters.  I have actually done (legitimate, legal,
> purposeful) page scraping in the past for a couple of tasks - believe me -
> you are only going to slow down a page scraper by about thirty seconds.  If
> you really have data worth scraping, it doesn't matter if I have to do
> this:
>
> 1 - pull up homepage
> 2 - determine that I can change "/foo/1" to "/foo/2" to get the second page
>
> or this:
>
> 1 - pull up homepage
> 2 - determine that I have to look for a link by search pattern .someclass
> someelement a#next-page and use the href of that link to get second page of
> results
>
> And (as a page scraper) - I wouldn't even care that I need to have a session
> for the crypted url strategy to work.  I can easily do that with any number
> of http bot clients (including httpunit, etc).
>
> Bottom line is: if you use "security by obscurity", you're only fooling
> yourself into thinking it's secure.  If you need something secured, put a
> paywall in front of it.  (Of course, then I'll just buy an account and
> scrape it anyway if I'm a determined competitor).
>
> --
> Jeremy Thomerson
> http://www.wickettraining.com
>
>
>
> On Tue, May 11, 2010 at 9:13 AM, Fernando Wermus
> <fernando.wer...@gmail.com>wrote:
>
> > Jeremy,
> >     There is a database with a huge amount of data that could be collected
> > by someone else. If the url has a clear meaning, to say: /data/0, /data/1,
> > they can get all the data from there. I would like to have fixed and
> > encrypted urls.
> >
> > On Mon, May 10, 2010 at 4:17 PM, Jeremy Thomerson <
> > jer...@wickettraining.com
> > > wrote:
> >
> > > What is a hacker going to get from a URL like "/somepage"?
> > >
> > > --
> > > Jeremy Thomerson
> > > http://www.wickettraining.com
> > >
> > >
> > >
> > > On Mon, May 10, 2010 at 2:06 PM, Fernando Wermus
> > > <fernando.wer...@gmail.com>wrote:
> > >
> > > > Igor,
> > > >    Wicket in Action explains
> > > > "... Using this code, Wicket will encrypt all your URLs—including
> > > > bookmarkable URLs. ...".
> > > >
> > > > > I need a fixed entry point for my stateless page, but not readable for
> > > > > humans, because some hacker would like to extract all the information
> > > > > from the site.
> > > >
> > > > How can I achieve this?
> > > >
> > > >
> > > > On Mon, May 10, 2010 at 4:01 PM, Igor Vaynberg <
> > igor.vaynb...@gmail.com
> > > > >wrote:
> > > >
> > > > > > afair crypted strategy only encodes non-bookmarkable urls. it does
> > > > > > not encode bookmarkable urls because those are meant as entrypoints
> > > > > > into your application.
> > > > >
> > > > > -igor
> > > > >
> > > > > On Mon, May 10, 2010 at 11:38 AM, Fernando Wermus
> > > > > <fernando.wer...@gmail.com> wrote:
> > > > > > > Hi all,
> > > > > > >    I created a stateless PagingNavigator. Instead of using a model
> > > > > > > to hold the page number shown, my StatelessPagingNavigator shows
> > > > > > > the number through parameters. I hoped that the page number
> > > > > > > wouldn't have been shown using CryptedUrlWebRequestCodingStrategy,
> > > > > > > but it is. This is rather weird; I hope someone can point me to
> > > > > > > a solution. Is my class written wrongly in some way?
> > > > > >
> > > > > >
> > > > > > > public class StatelessPagingNavigator extends PagingNavigator {
> > > > > > >     private static final long serialVersionUID = 3576836044400027436L;
> > > > > > >
> > > > > > >     public StatelessPagingNavigator(String id, DataView dataView) {
> > > > > > >         super(id, dataView);
> > > > > > >     }
> > > > > > >
> > > > > > >     @Override
> > > > > > >     protected Link newPagingNavigationIncrementLink(final String id,
> > > > > > >             IPageable pageable, int increment) {
> > > > > > >         PageParameters p = new PageParameters();
> > > > > > >         p.add("increment", String.valueOf(increment));
> > > > > > >         p.add("pageNumber", String.valueOf(pageable.getCurrentPage()));
> > > > > > >         Link link = new BookmarkablePageIncrementLink(id, pageable,
> > > > > > >                 getPage().getClass(), p) {
> > > > > > >             private static final long serialVersionUID = 1L;
> > > > > > >
> > > > > > >             public boolean isEnabled() {
> > > > > > >                 return super.isEnabled()
> > > > > > >                         && StatelessPagingNavigator.this.isEnabled()
> > > > > > >                         && StatelessPagingNavigator.this.isEnableAllowed();
> > > > > > >             }
> > > > > > >         };
> > > > > > >         return link;
> > > > > > >     }
> > > > > > >
> > > > > > >     @Override
> > > > > > >     protected Link newPagingNavigationLink(final String id,
> > > > > > >             final IPageable pageable, int pageNumber) {
> > > > > > >         PageParameters p = new PageParameters();
> > > > > > >         p.add("pageNumber", String.valueOf(pageNumber));
> > > > > > >         return new BookmarkablePagingNavigationLink(id, pageable,
> > > > > > >                 getPage().getClass(), p) {
> > > > > > >             private static final long serialVersionUID = -3076648671049640420L;
> > > > > > >
> > > > > > >             public boolean isEnabled() {
> > > > > > >                 //return false;
> > > > > > >                 return super.isEnabled()
> > > > > > >                         && StatelessPagingNavigator.this.isEnabled()
> > > > > > >                         && StatelessPagingNavigator.this.isEnableAllowed();
> > > > > > >             }
> > > > > > >         };
> > > > > > >     }
> > > > > > >
> > > > > > >     @Override
> > > > > > >     protected PagingNavigation newNavigation(final IPageable pageable,
> > > > > > >             final IPagingLabelProvider labelProvider) {
> > > > > > >         return new PagingNavigation("navigation", pageable, labelProvider) {
> > > > > > >             private static final long serialVersionUID = 1102823179571300337L;
> > > > > > >
> > > > > > >             @Override
> > > > > > >             protected Link newPagingNavigationLink(final String id,
> > > > > > >                     final IPageable pageable, int pageIndex) {
> > > > > > >                 PageParameters p = new PageParameters();
> > > > > > >                 p.add("pageIndex", String.valueOf(pageIndex));
> > > > > > >                 return new BookmarkablePagingNavigation(id, pageable,
> > > > > > >                         getPage().getClass(), p) {
> > > > > > >                     private static final long serialVersionUID = -3076648671049640420L;
> > > > > > >
> > > > > > >                     public boolean isEnabled() {
> > > > > > >                         return super.isEnabled()
> > > > > > >                                 && StatelessPagingNavigator.this.isEnabled()
> > > > > > >                                 && StatelessPagingNavigator.this.isEnableAllowed();
> > > > > > >                     }
> > > > > > >                 };
> > > > > > >             }
> > > > > > >         };
> > > > > > >     }
> > > > > > > }
> > > > > >
> > > > > > thanks in advance
> > > > > >
> > > > > > --
> > > > > > Fernando Wermus.
> > > > > >
> > > > > > www.linkedin.com/in/fernandowermus
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Fernando Wermus.
> > > >
> > > > www.linkedin.com/in/fernandowermus
> > > >
> > >
> >
> >
> >
> > --
> > Fernando Wermus.
> >
> > www.linkedin.com/in/fernandowermus
> >
>
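
An added example, not part of the original messages: the thread argues that a scraper walks the listing the same way whether page URLs are readable (/data/1) or obfuscated, so a detector can key on that access pattern instead of on the URL form. The Python below flags clients that fetch many distinct pages inside a short window; the log format, addresses, tokens and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _burst(ip, start, paths, step_s):
    """Build constructed log lines: one GET every step_s seconds."""
    t0 = datetime.fromisoformat(start)
    return [f"{ip} {(t0 + timedelta(seconds=i * step_s)).isoformat()} GET {p} 200"
            for i, p in enumerate(paths)]

# Constructed sample log (not from the thread): "ip timestamp method path status".
SAMPLE_LOG = "\n".join(
    # Client walking readable URLs /data/0 .. /data/6, one per second.
    _burst("203.0.113.7", "2010-05-11T22:00:00", [f"/data/{n}" for n in range(7)], 1)
    # Client walking obfuscated URLs by following the next-page link.
    + _burst("198.51.100.9", "2010-05-11T22:05:00",
             [f"/data/{t}" for t in ("x9Kq", "Pz41", "aa0L", "Qm7e", "Zt3c", "b8Ry", "Lw2d")], 2)
    # Human reader: a few pages, minutes apart, with one reload.
    + _burst("192.0.2.44", "2010-05-11T22:10:00", ["/data/3", "/data/3", "/data/4", "/data/5"], 180)
)

def parse(log_text, prefix="/data/"):
    """Yield (client, timestamp, path) for successful GETs under prefix."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing
        ip, ts, method, path, status = parts
        if method == "GET" and status == "200" and path.startswith(prefix):
            yield ip, datetime.fromisoformat(ts), path

def flag_bulk_readers(log_text, max_pages=5, window=timedelta(seconds=60)):
    """Clients that fetched more than max_pages distinct pages inside one window."""
    events = defaultdict(list)
    for ip, ts, path in parse(log_text):
        events[ip].append((ts, path))
    flagged = []
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({p for _, p in evs[start:end + 1]}) > max_pages:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_bulk_readers(SAMPLE_LOG))
```

Both walking clients are flagged regardless of URL form, while the slow reader is not; the distinct-page count ignores reloads of the same page.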
