Suppressing Primary Keys in Direct Action URLs
Suppressing Primary Keys in Direct Action URLs
- Subject: Suppressing Primary Keys in Direct Action URLs
- From: Alex Cone <email@hidden>
- Date: Tue, 5 Oct 2004 12:39:20 -0400
Janice -
You have two problems here - controlling the contents of the URL and
matching the obfuscated URL to a specific report. You might do
something like this:
- Use a random number/string generation routine to generate the
"public" report key
- Store the random string key-real key pair in a lookup table somewhere
(db table? application-level dictionary?)
- Check this table when creating new random strings to make sure your
new string isn't already a key
- Use the "?reportKey=myRandomKeyMethod" binding in your WOHyperlink to
put your key in the URL
- When you get the direct action call, look up the real key in your
lookup table and if found, return the report
- For a really one-time system, you could delete the random key-real
key pair at this point (or you could timestamp all the random keys and
sweep through on a WOTimer and delete all keys more than an hour
old...)
- If a request comes in for a key that isn't in the lookup table, you
just return a "Sorry..." page
Alex Cone
CodeFab - http://www.codefab.com/
Enterprise Solutions
We build it...
...it works!
Begin forwarded message:
From: Janice Cheung <email@hidden>
Date: October 5, 2004 10:48:01 AM EDT
Cc: email@hidden, email@hidden
Subject: Suppressing Primary Keys in Direct Action URLs
Greetings!
Is anyone aware of a method using Direct Actions, that actually
suppresses the primary keys
in the URL?
My educational institution is issuing certifications/certificates,
which I am generating on the
fly as database driven PDF reports.
For example, upon submission (via a hyperlink or WOActive image
button), I ultimately arrive
at a page similar to this:
http://hostname/WebObjects/projectName.woa/wa/viewReport?cPk=n
'n' is equal to certification Primary key (cPk)
Instead of this URL, I would like something somewhat more secure:
http://hostname/WebObjects/ProjectName.woa/wa/
viewReport=NowYouWillNeverFindThisUrlAgainMuhaha
Does anyone know how to implement this? I am in dire need of some
help...
Any advice or guidance would be greatly appreciated!
Best Regards,
Janice
__alex cone
ceo c o d e f a b inc
email@hidden
212.465.8484 x101
http://www.codefab.com
"There are people who would perhaps call me a dilettante, because it
looks as though I'm having too much fun. I have never been convinced
there's anything inherently wrong in having fun." -- George Plimpton
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden