aspose file tools*
The moose likes Struts and the fly likes Address Bar in JSP:Security issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Address Bar in JSP:Security issue" Watch "Address Bar in JSP:Security issue" New topic
Author

Address Bar in JSP:Security issue

Shane W
Ranch Hand

Joined: Aug 31, 2007
Posts: 30
Hi
The setup in our clients enivronment is such that all applications are accessed by first logging in from a login page which acts a common entry point to all applications.
Now the client wants that after logging in, the subsequent pages not have the address bar.
So, i added a dummy page between the login page and the forst page of our application and in this dummy page, i call the window.open javascript method and in this way i go to the first page of our application.in the window.open method, i pass location=no as an argument.

Is there any better way to do it? I'm a bit sceptical about the approach we adopted?

Shane
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29233
    
138

Shane,
What are you trying to accomplish by hiding the address bar? The subject hints at security. There is not security in hiding this from the user as a sophisticated user or hacker can still get it.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Address Bar in JSP:Security issue
 
Similar Threads
Session timeouts or JsessionIds
Addressbar hiding
prevent direct access after login.
Struts and Tiles issue: how to get the request URL ?
Changing the URL when using forward or redirect...