Identify if HTTP Request originates from valid source

Prince Manchanda
Ranch Hand

Joined: Jun 25, 2001
Posts: 52
My web application has a few pages, the links for which are sent to the outside world in email. So, when a user clicks on the link in the email, he/she will have to log in and is then redirected to the link. An example of such a link is for Saved Report.

My requirement is that I want to identify if a request coming from such a link is legitimate, that is, that the link used to invoke the application is the same one that was sent in the mail.

At first thought, the solution for this might be similar to what is used by sites for confirmation of new users. A link is sent to the new user's email and it contains some sort of encoded string.

Any implementation details of this solution or any other solution would be really helpful.


Thanks and Regards
P Manchanda
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

Prince Manchanda wrote: My web application has a few pages, the links for which are sent to the outside world in email. So, when a user clicks on the link in the email, he/she will have to log in and is then redirected to the link. An example of such a link is for Saved Report.

My requirement is that I want to identify if a request coming from such a link is legitimate, that is, that the link used to invoke the application is the same one that was sent in the mail.

At first thought, the solution for this might be similar to what is used by sites for confirmation of new users. A link is sent to the new user's email and it contains some sort of encoded string.

Any implementation details of this solution or any other solution would be really helpful.


Your first thought is good. Those sites usually send out a hash with some combination of the site name, the user's email, username, date, etc. So, show some code of how you would hash the user's data in such a way that you could identify them when they come back from the link you sent.
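
An added example, not code from either poster: one way to build the link check discussed in this thread, using a keyed hash (HMAC-SHA256) instead of a plain hash so the value cannot be recomputed without a server-side secret. The class name `SignedLink`, the parameter names, the `app.example` URL, the user name and the key are all constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper: signs and verifies the links that are mailed to users.
public class SignedLink {
    private final byte[] key; // server-side secret, never placed in the mail

    public SignedLink(byte[] key) { this.key = key.clone(); }

    // HMAC-SHA256 over the fields that define the link, as URL-safe Base64.
    private String mac(String user, String reportId, long expires) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        // Length-prefix the text fields so ("ab","c") and ("a","bc") sign differently.
        String msg = user.length() + ":" + user + "|"
                   + reportId.length() + ":" + reportId + "|" + expires;
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(m.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }

    // Query string for the mailed link (reportId is assumed to be URL-safe).
    public String sign(String user, String reportId, long expires) throws Exception {
        return "report=" + reportId + "&exp=" + expires + "&sig=" + mac(user, reportId, expires);
    }

    // Call after login: the user comes from the session, the rest from the request.
    public boolean verify(String sessionUser, String reportId, long expires,
                          String sig, long now) throws Exception {
        if (sig == null || now > expires) return false; // missing signature or stale link
        byte[] expected = mac(sessionUser, reportId, expires).getBytes(StandardCharsets.US_ASCII);
        // MessageDigest.isEqual compares without leaking where the mismatch is.
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        SignedLink s = new SignedLink("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis() / 1000, exp = now + 7 * 24 * 3600;
        String q = s.sign("pmanchanda", "42", exp);
        String sig = q.substring(q.indexOf("&sig=") + 5);
        System.out.println("https://app.example/report?" + q);
        System.out.println(s.verify("pmanchanda", "42", exp, sig, now));     // link as mailed
        System.out.println(s.verify("pmanchanda", "43", exp, sig, now));     // report id altered
        System.out.println(s.verify("someoneelse", "42", exp, sig, now));    // other account
        System.out.println(s.verify("pmanchanda", "42", exp, sig, exp + 1)); // after expiry
    }
}
```

Because the user name is taken from the logged-in session rather than from the link, a forwarded link does not verify for a different account.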
 