• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Suppressing Primary Keys in Direct Action URLs
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Suppressing Primary Keys in Direct Action URLs

  • Subject: Suppressing Primary Keys in Direct Action URLs
  • From: Alex Cone <email@hidden>
  • Date: Tue, 5 Oct 2004 12:39:20 -0400
Janice -

You have two problems here - controlling the contents of the URL and matching the obfuscated URL to a specific report. You might do something like this:

- Use a random number/string generation routine to generate the "public" report key
- Store the random string key-real key pair in a lookup table somewhere (db table? application-level dictionary?)
- Check this table when creating new random strings to make sure your new string isn't already a key
- Use the "?reportKey=myRandomKeyMethod" binding in your WOHyperlink to put your key in the URL
- When you get the direct action call, look up the real key in your lookup table and if found, return the report

- For a really one-time system, you could delete the random key-real key pair at this point (or you could timestamp all the random keys and sweep through on a WOTimer and delete all keys more than an hour old...)

- If a request comes in for a key that isn't in the lookup table, you just return a "Sorry..." page

Alex Cone
CodeFab - http://www.codefab.com/
Enterprise Solutions
We build it...
	...it works!

Begin forwarded message:

From: Janice Cheung <email@hidden>
Date: October 5, 2004 10:48:01 AM EDT
Cc: email@hidden, email@hidden
Subject: Suppressing Primary Keys in Direct Action URLs

   Greetings!

Is anyone aware of a method using Direct Actions, that actually suppresses the primary keys
in the URL?

My educational institution is issuing certifications/certificates, which I am generating on the
fly as database driven PDF reports.
For example, upon submission (via a hyperlink or WOActive image button), I ultimately arrive
at a page similar to this:

   http://hostname/WebObjects/projectName.woa/wa/viewReport?cPk=n
   'n' is equal to certification Primary key (cPk)

   Instead of this URL, I would like something somewhat more secure:

http://hostname/WebObjects/ProjectName.woa/wa/ viewReport=NowYouWillNeverFindThisUrlAgainMuhaha

Does anyone know how to implement this? I am in dire need of some help...

   Any advice or guidance would be greatly appreciated!

   Best Regards,
   Janice



__alex cone
        ceo  c o d e f a b  inc
        email@hidden
        212.465.8484 x101
        http://www.codefab.com

"There are people who would perhaps call me a dilettante, because it looks as though I'm having too much fun. I have never been convinced there's anything inherently wrong in having fun." -- George Plimpton

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




    

  • Prev by Date:
Re: Java 1.5

    • 

  • Next by Date:
Re: Including a javascript file as a Web Server Resource [SOLVED]

    • 

  • Previous by thread:
Re: Hosting multiple domains using the same WO application

    • 

  • Next by thread:
WO and VAS / SPNEGO?

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •