Re: Suppressing Primary Keys in Direct Action URLs
- Subject: Re: Suppressing Primary Keys in Direct Action URLs
- From: David LeBer <email@hidden>
- Date: Tue, 5 Oct 2004 11:07:47 -0400
On Oct 5, 2004, at 10:48 AM, Janice Cheung wrote:

> Greetings!
>
> Is anyone aware of a method using Direct Actions, that actually suppresses the primary keys in the URL?
>
> My educational institution is issuing certifications/certificates, which I am generating on the fly as database driven PDF reports.
>
> For example, upon submission (via a hyperlink or WOActive image button), I ultimately arrive at a page similar to this:
>
> http://hostname/WebObjects/projectName.woa/wa/viewReport?cPk=n
>
> 'n' is equal to certification Primary key (cPk)
>
> Instead of this URL, I would like something somewhat more secure:
>
> http://hostname/WebObjects/ProjectName.woa/wa/viewReport=NowYouWillNeverFindThisUrlAgainMuhaha
>
> Does anyone know how to implement this? I am in dire need of some help...
>
> Any advice or guidance would be greatly appreciated!

What is it that you are trying to achieve Janice?
A direct action is going to give you a reproducible URL. That is its
job. To do that you need to pass it the parameters it needs to perform
its task (in this case find the report). If you want a dynamic URL,
then maybe a component action would be better (linked to an
authentication mechanism perhaps).
So, are you looking to obfuscate the search criteria so that someone
cannot guess the name of other reports, or is there something else
going on?
The appropriate solution will depend on your requirements. Off the top
of my head, here are a couple ideas:
- Give the report a random "code" when generated and use that to
retrieve.
- Give the report a date code when generated and only allow it to be
retrieved for a short window.
- Make the report retrieval require authentication and only vend the
appropriate report.
- Vend the report into a temporary directory, and delete after viewing.
;david
--
David LeBer
Codebase Software Systems
site: http://www.codebase.ca
blog: http://david.codebase.ca
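
The first three ideas in the reply above (a random code, a short retrieval window, and vending only to the authenticated owner) can be combined in one lookup table. The following is an added example, not part of the original post and not WebObjects code: the class `ReportCodeStore`, the `code` URL parameter, and the owner ids are hypothetical, and it uses current Java (16+) with only the standard library.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Maps unguessable, short-lived codes to certification primary keys (hypothetical helper). */
public class ReportCodeStore {
    private record Entry(long cPk, String ownerId, Instant expires) {}

    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Entry> codes = new ConcurrentHashMap<>();
    private final Duration window;

    public ReportCodeStore(Duration window) { this.window = window; }

    /** Issue a 128-bit random code for one report; the code, not cPk, goes in the URL. */
    public String issue(long cPk, String ownerId, Instant now) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);                       // CSPRNG, so codes cannot be enumerated like 1, 2, 3
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        codes.put(code, new Entry(cPk, ownerId, now.plus(window)));
        return code;
    }

    /** Resolve a code to cPk only if it exists, is unexpired, and belongs to the caller. */
    public Optional<Long> resolve(String code, String callerId, Instant now) {
        Entry e = (code == null) ? null : codes.get(code);
        if (e == null) return Optional.empty();
        if (!now.isBefore(e.expires())) {         // window closed: forget the code
            codes.remove(code);
            return Optional.empty();
        }
        // Authorization check: a leaked or shared URL does not vend someone else's report.
        return e.ownerId().equals(callerId) ? Optional.of(e.cPk()) : Optional.empty();
    }

    public static void main(String[] args) {
        ReportCodeStore store = new ReportCodeStore(Duration.ofMinutes(10));
        Instant t0 = Instant.parse("2004-10-05T15:00:00Z");    // constructed sample time
        String code = store.issue(42L, "student-17", t0);       // constructed pk and owner id
        System.out.println("/wa/viewReport?code=" + code);
        System.out.println(store.resolve(code, "student-17", t0.plusSeconds(60)));   // owner, in window
        System.out.println(store.resolve(code, "student-99", t0.plusSeconds(60)));   // wrong caller
        System.out.println(store.resolve(code, "student-17", t0.plusSeconds(900)));  // after the window
    }
}
```

The random code only removes guessability; the owner comparison in `resolve` is what keeps a forwarded or logged URL from exposing another person's certificate.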