This week's book giveaway is in the Design forum.
We're giving away four copies of Building Microservices and have Sam Newman on-line!
See this thread for details.
The moose likes Struts and the fly likes Address Bar in JSP:Security issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Building Microservices this week in the Design forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Address Bar in JSP:Security issue" Watch "Address Bar in JSP:Security issue" New topic
Author

Address Bar in JSP:Security issue

Shane W
Ranch Hand

Joined: Aug 31, 2007
Posts: 30
Hi
The setup in our clients enivronment is such that all applications are accessed by first logging in from a login page which acts a common entry point to all applications.
Now the client wants that after logging in, the subsequent pages not have the address bar.
So, i added a dummy page between the login page and the forst page of our application and in this dummy page, i call the window.open javascript method and in this way i go to the first page of our application.in the window.open method, i pass location=no as an argument.

Is there any better way to do it? I'm a bit sceptical about the approach we adopted?

Shane
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 32508
    
214

Shane,
What are you trying to accomplish by hiding the address bar? The subject hints at security. There is not security in hiding this from the user as a sophisticated user or hacker can still get it.


[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
 
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
 
subject: Address Bar in JSP:Security issue
 
It's not a secret anymore!