How Do You Encrypt URLs?

I notice that if your urls are in the form:

domain.com/show/2

So, it’s easy for users to navigate to other pages sequentially (e.g.
domain.com/show/3). Is it possible to encrypt the URLs such that it’s
harder for users to “guess” where the other pages are located?

for instance, a url encrypted as: domain.com/show/XyAdcZdF

Any ideas?

Bob S. wrote:

> I notice that if your urls are in the form:
>
> domain.com/show/2
>
> So, it’s easy for users to navigate to other pages sequentially (e.g.
> domain.com/show/3). Is it possible to encrypt the URLs such that it’s
> harder for users to “guess” where the other pages are located?
>
> for instance, a url encrypted as: domain.com/show/XyAdcZdF
>
> Any ideas?

Depends on your application. If your goal is to stop people from
accessing pages sequentially, I’d ask why? Afraid of someone
screen-scraping? They’ll figure out how to do it eventually. I’d
concentrate my energy on building a great app, not stopping someone from
possibly automating some task.

If you’re afraid of someone accessing an object they’re not supposed to,
association proxies are a great way to limit access.

So, in your controller, instead of:

@book = Book.find_by_user_id(params[:id])

Try…

@book = @user.books.find(params[:id])

This way the scope of the find is limited to books owned by the user in
session (or wherever).

Hope that helps…

On Nov 2, 2007, at 6:14 AM, Bob S. wrote:

> I notice that if your urls are in the form:
>
> domain.com/show/2
>
> So, it’s easy for users to navigate to other pages sequentially (e.g.
> domain.com/show/3). Is it possible to encrypt the URLs such that it’s
> harder for users to “guess” where the other pages are located?
>
> for instance, a url encrypted as: domain.com/show/XyAdcZdF

“Harder to guess” is never a viable strategy. Either your application
allows access to record 3 for User X or it doesn’t. Guessing should
have no part in controlling that.

To enforce an ability where it “doesn’t” means filtering requests
based on a user with a known profile. If logged-in User X is allowed
to see only records which match a certain pattern, then your app has
to mark records so that pattern can be searched for, and queries have
to be dynamically generated based on user profile data to find that
pattern.

– gw

First things first.

If you have already built a great web application and your control of
resources is adequate, then perhaps it is time to play with URLs.

Most people struggle to get URLs more Google-friendly or human-
readable; I hope that you have a clear idea of what you would like to
achieve.

Anyhow, you can make some kind of hash function that will do the mapping
from a hash value to and from the :controller/:action/:id format. A little
helper function and some route mapping and you can be on your way to
making your great web app with adequate control of resources even better
with links that are harder to guess.

Hi guys,

The reason why I want encrypted URLs is that it’s not that big of a deal
if users find the other pages.

I just don’t want them to be able to access the other pages so easily –
but also, where they don’t have to go through hoops to find the page
they want.

Is there a good way to do that?

e.g. map.connect ":controller/:action/XyZ12:id4215"…

Here is a change to my previous post:

If you want URLs like this:

domain.com/show/XyAdcZdF

you would have to make your routes look more like this:

map.connect ':action/:url', :controller => 'the_controller'

On Nov 3, 11:17 am, Sebastian Probst E.

Couldn’t you, for example, add a URL field in the DB to which you assign
some random string like xWa2IUhkjwq23 when you create the page, and then
you could use:

@page = Page.find_by_url(params[:url])

In your Page model you could also add the following:

def to_param
  url
end

That returns the url-parameter we added instead of the ID in cases
where the ID would normally be returned. Remember that you have to use
find_by_url when doing this!

You could also use the following:

# Returns something like this:
# 21-asdKjiWAOdl
# which would be rather easy to guess if the user
# isn’t totally dumb
def to_param
  "#{id}-#{url}"
end

Rails will extract the ID when it needs it with some magic, but the
addresses are going to be a lot easier to guess! In this case you
could just use the normal Page.find()

Your routes could look something like this:

map.connect ":controller/:action/:url"

Hope this helps.

S

On Nov 2, 7:29 pm, Bob S.

Sebastian Probst Eide wrote:

> Here is a change to my previous post:
>
> If you want URLs like this:
>
> domain.com/show/XyAdcZdF
>
> you would have to make your routes look more like this:
>
> map.connect ':action/:url', :controller => 'the_controller'
>
> On Nov 3, 11:17 am, Sebastian Probst E.

Thanks Sebastian! And, thanks everybody for your wonderful help.
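
The two suggestions from the thread combined (a random URL field returned by to_param, and a lookup scoped to the owner), as an added example that is not part of any post above. It assumes plain Ruby with no Rails: Page stands in for the ActiveRecord model, and PageStore and find_for are hypothetical names.

```ruby
require 'securerandom'

# Plain-Ruby stand-in for an ActiveRecord model (assumption: no Rails here).
class Page
  attr_reader :id, :url, :owner, :title

  def initialize(id, owner, title)
    @id = id
    @owner = owner
    @title = title
    # 16 random bytes (128 bits) from the OS CSPRNG, URL-safe encoded.
    @url = SecureRandom.urlsafe_base64(16)
  end

  # What link helpers would put in the path instead of the numeric id.
  def to_param
    url
  end
end

# Hypothetical in-memory table with a unique index on the token column.
class PageStore
  def initialize
    @by_url = {}
    @next_id = 0
  end

  def create(owner, title)
    page = Page.new(@next_id += 1, owner, title)
    raise 'token collision' if @by_url.key?(page.url)
    @by_url[page.url] = page
  end

  # Public lookup: the token only hides the id sequence.
  def find_by_url(token)
    @by_url[token.to_s]
  end

  # Owner-scoped lookup: a leaked token alone is not enough.
  def find_for(owner, token)
    page = find_by_url(token)
    page if page && page.owner == owner
  end
end
```

The token makes neighbouring pages hard to enumerate; find_for is what actually decides whether a given user may see a page.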