Hiding data in URL window from user

Status
Not open for further replies.

eireanacht

Programmer
Jul 13, 2004
15
US
I am trying to keep people/users from seeing the direct path and file name (mostly CGI script file names) in the URL window when accessing my website. Specifically, when a user clicks on a button or link which executes a cgi script, I don't want the path and file name of that script to appear in the URL Address window. Can anyone help with this?
 
One of the things a scripting language such as PHP or ASP does for you is abstract any CGI scripts and allow you to maintain a session within one script so that certain things can only be done in the right order, such as after a successful login. I would recommend going that route for security. Otherwise, you are just looking for a way to obscure your resources rather than really secure them.
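
The session-ordering idea in the post above, as an added example that is not part of the original thread: a minimal Python dispatcher that refuses a request for a known action unless the server-side session shows the prerequisite step was completed. The names USERS, REQUIRES, SESSIONS, login and handle are hypothetical, and the account data is constructed for the demo.

```python
import hmac
import secrets

# Constructed sample data: one account, and the step each action depends on.
USERS = {"alice": "correct horse"}   # demo only; store password hashes in practice
REQUIRES = {"view_order": "login", "confirm_order": "view_order"}
SESSIONS = {}                        # session id -> {"user": ..., "done": set()}


def login(user, password):
    """Return a new unguessable session id, or None if the credentials are wrong."""
    expected = USERS.get(user)
    if expected is None:
        return None
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "done": {"login"}}
    return sid


def handle(action, sid=None):
    """Dispatch one request; returns (HTTP status, body).

    Knowing the action name (the "URL") is never enough: every request is
    checked against state held on the server, not against anything the
    browser displays or hides.
    """
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "login required"
    if action not in REQUIRES:
        return 404, "unknown action"
    if REQUIRES[action] not in session["done"]:
        return 409, "step out of order"
    session["done"].add(action)
    return 200, f"{action} ok for {session['user']}"
```

A visitor who reads the script name out of the address bar or the frame source and requests it directly gets a 401 or 409, which is the difference between securing a resource and obscuring it.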
 
Another solution is to place your entire site in a frameset. This effectively hides the URL for the individual frames and leaves a single "nice" URL in the location bar.

In this instance (assuming you just want to make it less easy for people to find your paths and cgi script names) using frames is a very simple-to-implement solution that you can achieve in minutes.

Food for thought.
Jeff
 
Of course, if they really want to see the URLs they can just view the source of the frames.


Tracy Dryden

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard. [dragon]
 
Thanks to all for the good advice. I'll have to ponder what it is I really want to accomplish here.
 
I agree with oppcos! With a scripting language such as the ones oppcos suggested, or others (Perl, Python), you can set up a template system. This will separate your program from your design.

One of my favorites:

X
 
The frameset will do a couple of things... It will also break the site for anyone who doesn't have frame support, poses the possibility of locking them into your frames if they leave your site in the middle of the process, looks awful, plays havoc with the scroll wheel and hides absolutely nothing. If I want to know the URL to the scripts I just view the source of the site, and voilà!

 
eireanacht,

Obviously you already know that you cannot hide your code; however, a frameset is the perfect way to at least hide calls in the URL window. Without looking at the code no one would even know that they were in a frameset; the frameset would work in all browsers and could not possibly cause any problems at all.

It never ceases to amaze me that people who know nothing about framesets are the first to discount them.

Code:
<html><head><title>TITLE</title></head><frameset>
<frame scrolling="yes" src="mysite.htm" />
<noframes><body>
<a href="mysite.htm">NoFrames Version</a>
</body></noframes></frameset></html>

Clive
 
Using a frameset will also make it more difficult for people to bookmark your pages - though this may be exactly what you want.
"I'll have to ponder what it is I really want to accomplish here."
Indeed you will. If you're concerned about people using information from the address bar to somehow attack the security of your site, client-based defences like framesets aren't going to protect you. Anybody with the know-how to mount such an attack isn't going to be defeated by a simple frameset.

I'd be wary about adding any extra complexity to my site without there being some tangible benefit to be achieved from it. I can't see any from the everything-in-a-big-frame approach.

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd
 
Code:
<html><head><title>TITLE</title></head><frameset>
<frame scrolling="yes" src="mysite.htm" />
<noframes><body>
<a href="mysite.htm">NoFrames Version</a>
</body></noframes></frameset></html>

Not complex, an "extra layer of complexity".

Not as simple as

Code:
<html><head><title>TITLE</title></head>
<body>
My site with no extra layers of complexity
</body></html>

;-)

To respond to the initial question.
If you are that worried about abuse of scripts you have on your site then I would consider writing the scripts to trap any misuse rather than trying to hide their URL from the user.

Perhaps place any executable scripts outside your web directory so only the server can access them?

Modify the scripts, not the site.

Foamcow Heavy Industries - Web design and ranting
Toccoa Games - Day of Defeat gaming community
Target Marketing Communications - Advertising, Direct Marketing and Public Relations
"I'm making time
 