File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Address Bar in JSP:Security issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Address Bar in JSP:Security issue" Watch "Address Bar in JSP:Security issue" New topic

Address Bar in JSP:Security issue

Shane W
Ranch Hand

Joined: Aug 31, 2007
Posts: 30
The setup in our clients enivronment is such that all applications are accessed by first logging in from a login page which acts a common entry point to all applications.
Now the client wants that after logging in, the subsequent pages not have the address bar.
So, i added a dummy page between the login page and the forst page of our application and in this dummy page, i call the javascript method and in this way i go to the first page of our the method, i pass location=no as an argument.

Is there any better way to do it? I'm a bit sceptical about the approach we adopted?

Jeanne Boyarsky
author & internet detective

Joined: May 26, 2003
Posts: 33098

What are you trying to accomplish by hiding the address bar? The subject hints at security. There is not security in hiding this from the user as a sophisticated user or hacker can still get it.

[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
I agree. Here's the link:
subject: Address Bar in JSP:Security issue
jQuery in Action, 3rd edition