I'm still pending with the issue of not displaying real URL's in the address bar?
I think this will be as simple as creating a "mask" so the real URL is kept withing the application and not shown to the world, isn't it?
This should be a rather trivial issue to be solved by the support team because once implemented
it will secure your application of unwanted queries to your database
by means of someone writing them down directly in the address bar ... or not?
You could use URL rewriting of iftame if you with, but in both cases you should protect your data. If someone decide to try to compromise your website then URL hiding will not help.
Regards
WindowsHostingASP.NET - My favourite site for ASP.NET hosting information.
HowtoASP.NET - Free ASP.NET tutorials with examples and source code.
I agree that against hacking not much can be done at amateur level
but you also must agree that facilitating people to be doing "SQL Poisoning" to your database
is not a clever idea either, or is it?
I think is not a trivial topic and a class should be built by Microsoft in order to accomplish the task
of protecting your application against unwanted queries facilitated by yourself shown in the address bar.
(they shouldn't ever had to be put there) !!!
At least I'd like to have the URL writing source code so I can see
if anything come to my mind to figure out how to solve this issue
I have seen serious tought absou this matter on web servers as the Apache one:
I think this will be as simple as creating a "mask" so the real URL is kept withing the application and not shown to the world, isn't it?
In my opinion, what we need to do is protecting sensitive data in URL's. A few methods can be implemented to protect the data that we are transferring from tampering. You could refer to the following link to get more information about how to protect sensitive
data in URL’s.
I wouldn't agree more IF we we not talking about ASP.Net Dynamic Data
BUT I will have to un-check your answer as STILL no-answer
If you had worked with DD then you surely knew that the URL painted on the address bar
is the one that comes from inside your code
and is the address that you app needs to keep on working,
so I was wondering if there was a method or a way for "not publishing" this data
(BUT USING IT INSIDE DD .... because you need it)
What I want to do is simple. I want to create a method
(so I need to rewrite the original Framework class)
and create a "mask" method so instead of painting the real
URL adress I will be displaying an AD in the address bar instead
Hi Carlos, I may get chance to look at this as I am going to the MVP Summit at Microsoft Campus Redmond next week so I may get the time to have a look.
See my blog C# Bits | Twitter @sjnaughton Always seeking an elegant solution.
Is really strange that a lot of expert people hadn't mentioned that this is rather trivial
and that you can do what I have asked here so many times before by means of rewriting the URL via IIS
I was aware or URL rewriting but I had not looked into it as I don't' have the luxury of using the lasted IIS my main client has only just moved from IIS6x to IIS8 :) so I had no idea
See my blog C# Bits | Twitter @sjnaughton Always seeking an elegant solution.
Member
242 Points
480 Posts
About not displaying real URL's
Oct 19, 2014 10:29 AM|klca|LINK
Hi,
I'm still pending with the issue of not displaying real URL's in the address bar?
I think this will be as simple as creating a "mask" so the real URL is kept withing the application and not shown to the world, isn't it?
This should be a rather trivial issue to be solved by the support team because once implemented
it will secure your application of unwanted queries to your database
by means of someone writing them down directly in the address bar ... or not?
Carlos N. Porras
(El Salvador)
Star
11650 Points
3462 Posts
Re: About not displaying real URL's
Oct 19, 2014 03:16 PM|HostingASPNet|LINK
Hello,
You could use URL rewriting of iftame if you with, but in both cases you should protect your data. If someone decide to try to compromise your website then URL hiding will not help.
Regards
HowtoASP.NET - Free ASP.NET tutorials with examples and source code.
Member
242 Points
480 Posts
Re: About not displaying real URL's
Oct 19, 2014 05:57 PM|klca|LINK
Hi and thanks
I agree that against hacking not much can be done at amateur level
but you also must agree that facilitating people to be doing "SQL Poisoning" to your database
is not a clever idea either, or is it?
I think is not a trivial topic and a class should be built by Microsoft in order to accomplish the task
of protecting your application against unwanted queries facilitated by yourself shown in the address bar.
(they shouldn't ever had to be put there) !!!
At least I'd like to have the URL writing source code so I can see
if anything come to my mind to figure out how to solve this issue
I have seen serious tought absou this matter on web servers as the Apache one:
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
Carlos N. Porras
(El Salvador)
Member
590 Points
195 Posts
Re: About not displaying real URL's
Oct 20, 2014 10:00 PM|sw-ing|LINK
Hi Carlos,
In my opinion, what we need to do is protecting sensitive data in URL's. A few methods can be implemented to protect the data that we are transferring from tampering. You could refer to the following link to get more information about how to protect sensitive data in URL’s.
Hope it will be helpful to you.
Best Regards,
Sw-ing
Member
242 Points
480 Posts
Re: About not displaying real URL's
Oct 24, 2014 08:42 AM|klca|LINK
Hi,
I wouldn't agree more IF we we not talking about ASP.Net Dynamic Data
BUT I will have to un-check your answer as STILL no-answer
If you had worked with DD then you surely knew that the URL painted on the address bar
is the one that comes from inside your code
and is the address that you app needs to keep on working,
so I was wondering if there was a method or a way for "not publishing" this data
(BUT USING IT INSIDE DD .... because you need it)
What I want to do is simple. I want to create a method
(so I need to rewrite the original Framework class)
and create a "mask" method so instead of painting the real
URL adress I will be displaying an AD in the address bar instead
"like: Thanks, Call Again" and not http:// businessname.com/List/List.aspx?id=12345
Best regards
Carlos N. Porras
(El Salvador)
Member
242 Points
480 Posts
Re: About not displaying real URL's
Oct 24, 2014 08:50 AM|klca|LINK
HostingASPNe...,
It will be good to provide sample code ..... isn't it?
(ASP.Net Dynamic Data Code)
Carlos N. Porras
(El Salvador)
All-Star
17916 Points
5681 Posts
MVP
Re: About not displaying real URL's
Oct 28, 2014 12:44 PM|sjnaughton|LINK
Hi Carlos, I may get chance to look at this as I am going to the MVP Summit at Microsoft Campus Redmond next week so I may get the time to have a look.
Always seeking an elegant solution.
Member
242 Points
480 Posts
Re: About not displaying real URL's
Nov 21, 2014 11:19 PM|klca|LINK
Hi,
Is really strange that a lot of expert people hadn't mentioned that this is rather trivial
and that you can do what I have asked here so many times before by means of rewriting the URL via IIS
Carlos N. Porras
(El Salvador)
All-Star
17916 Points
5681 Posts
MVP
Re: About not displaying real URL's
Nov 23, 2014 05:53 AM|sjnaughton|LINK
I was aware or URL rewriting but I had not looked into it as I don't' have the luxury of using the lasted IIS my main client has only just moved from IIS6x to IIS8 :) so I had no idea
Always seeking an elegant solution.