aspose file tools*
The moose likes Security and the fly likes How to prevent user copy and paste url? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "How to prevent user copy and paste url?" Watch "How to prevent user copy and paste url?" New topic
Author

How to prevent user copy and paste url?

Guy Belpa
Ranch Hand

Joined: Nov 21, 2004
Posts: 41

helo ,

i'm developing a web-based system for data-entry.

they will give logins(user name+password) for registerd dealers.

so dealers will logged to the system and giv it to employees to enter data.

i developed this, when user logged in i maintain a session file.

every time a page load it check weather session file exits or not..

but problem is a employee can copy URL and mail it somebody outside.

so they can paste it in web browser and logged-in...

how can i avoid this ??

(sample url
http://www.example.com/main.jsp?sessionID=1235021871580

Thanks.
Rusty Shackleford
Ranch Hand

Joined: Jan 03, 2006
Posts: 490
How are you going to stop someone from writing it down? Trying to prevent the end user from copying and pasting a URL does nothing.

You are going at this in the wrong direction. Use steps to avoid session hijacking. Don't put log-in information directly in the URL(ie don't use get). Make sure you properly use encryption to protect data and to authorize the end user. Make sure sessions close after 10 minutes or so of inactivity.


"Computer science is no more about computers than astronomy is about telescopes" - Edsger Dijkstra
Guy Belpa
Ranch Hand

Joined: Nov 21, 2004
Posts: 41
Rusty Shackleford wrote: Use steps to avoid session hijacking. Don't put log-in information directly in the URL(ie don't use get). ... Make sure sessions close after 10 minutes or so of inactivity.



Thank you for your reply. that what i was asking... tell me how to do that?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to prevent user copy and paste url?