• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Suppressing Primary Keys in Direct Action URLs
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suppressing Primary Keys in Direct Action URLs


  • Subject: Re: Suppressing Primary Keys in Direct Action URLs
  • From: David LeBer <email@hidden>
  • Date: Tue, 5 Oct 2004 11:07:47 -0400

On Oct 5, 2004, at 10:48 AM, Janice Cheung wrote:

   Greetings!

Is anyone aware of a method using Direct Actions, that actually suppresses the primary keys
in the URL?


My educational institution is issuing certifications/certificates, which I am generating on the
fly as database driven PDF reports.
For example, upon submission (via a hyperlink or WOActive image button), I ultimately arrive
at a page similar to this:


   http://hostname/WebObjects/projectName.woa/wa/viewReport?cPk=n
   'n' is equal to certification Primary key (cPk)

   Instead of this URL, I would like something somewhat more secure:

http://hostname/WebObjects/ProjectName.woa/wa/ viewReport=NowYouWillNeverFindThisUrlAgainMuhaha

Does anyone know how to implement this? I am in dire need of some help...

Any advice or guidance would be greatly appreciated!

What is it that you are trying to achieve Janice?

A direct action is going to give you a reproducible URL. That is its job. To do that you need to pass it the parameters it needs to perform its task (in this case find the report). If you want a dynamic URL, then maybe a component action would be better (linked to an authentication mechanism perhaps).

So, are you looking to obfuscate the search criteria so that someone cannot guess the name of other reports, or is there something else going on?

The appropriate solution will depend on your requirements. Off the top of my head, here are a couple ideas:

- Give the report a random "code" when generated and use that to retrieve.

- Give the report a date code when generated and only allow it to be retrieved for a short window.

- Make the report retrieval require authentication and only vend the appropriate report.

- Vend the report into a temporary directory, and delete after viewing.

;david

--
David LeBer
Codebase Software Systems
site:   http://www.codebase.ca
blog: http://david.codebase.ca

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


  • Follow-Ups:
    • Re: Suppressing Primary Keys in Direct Action URLs
      • From: Janice Cheung <email@hidden>
References: 
 >Re: Converting from SSDD to WAR (From: Benjamin J Doherty <email@hidden>)
 >Suppressing Primary Keys in Direct Action URLs (From: Janice Cheung <email@hidden>)

  • Prev by Date: Eclipse build.xml "class Application cannot be found"? [WAS: Problems building with Eclipse]
  • Next by Date: Re: Suppressing Primary Keys in Direct Action URLs
  • Previous by thread: Suppressing Primary Keys in Direct Action URLs
  • Next by thread: Re: Suppressing Primary Keys in Direct Action URLs
  • Index(es):
    • Date
    • Thread