Last post Aug 11, 2014 12:45 PM by wrknmom
Aug 10, 2014 03:41 PM|wrknmom|LINK
A software application offers a link to another page with predefined macros which are appended to the url. Unfortunately this macro is not encrypted, and we need to encrypt/mask/or change the url when the page is renders so the user does not see it and
use it inappropriately.
Since the page is being opened through the vendors application the control needs to be in the resulting page.
Aug 11, 2014 03:43 AM|Michelle Ge - MSFT|LINK
According to your description, you want to encrypt/mask/or change the URL as you click the link. So far as I know, you need to rewrite the URL.
There is a document about rewriting URL, please refer to the link below:
Hope it's useful for you.
Aug 11, 2014 04:46 AM|emayevski|LINK
Looks like using POST over SSL to pass the data would be the more effective measure than trying to mask the URL (which the curious user can capture anyway).
Aug 11, 2014 12:45 PM|wrknmom|LINK
Thank you for the reference. I'm reading it now. I did decide to redirect the page from the initial page after capturing the vendors macro and placing that in the session variable. The redirection rewrites the URL and the back button is disabled.
I also am checking the server HTTP_REFERER to make sure the requestor is the vendors page that has the macro in it.
If the client some how captures the first redirection script and rewrites it passing another id it will give them a not valid page. If they go to the second page directly with or without a param it will give them a 500 server error. Is there a way to
make that a more elegant error just for this page?