struts-user mailing list archives

From "Robert Taylor" <rtay...@mulework.com>
Subject RE: [OT] Anatomy of a long URL
Date Mon, 28 Jun 2004 15:35:50 GMT

Daniel, thanks for the reply.

You pretty much confirmed my own assumptions.

robert


> -----Original Message-----
> From: Daniel Perry [mailto:d.perry@netcase.co.uk]
> Sent: Monday, June 28, 2004 10:58 AM
> To: Struts Users Mailing List
> Subject: RE: [OT] Anatomy of a long URL
> 
> 
> I don't think there is any information out there of the type you're
> requesting (it's not really a 'pattern').
> 
> Long URLs are long because there is a lot of information to transfer.
> 
> The big long codes given in URLs are often hashes (e.g. session
> id!).  These are made long so that it's hard to randomly enter a code and
> guess a correct one.
> 
> There's no reason to use long URLs unless you have a reason! There are often
> security reasons (e.g. hashes/tokens), where you don't want people to be able
> to fiddle with the link.  Take a bank for example - you don't want to
> encourage hacking by putting:
> viewtransaction.do?transactionId=18374
> (of course I'm assuming that any actions such as these would check that you
> own the transaction using session info!!!)
> instead do something like viewtransaction.do?massive_code_here
> and it instantly puts people off changing stuff.
> 
> As for Sun's example, I think Sun counts you downloading stuff like J2EE SDK
> as 'purchasing' it.  I think part of the reason for that link is to try and
> stop anyone from downloading the file and "stealing" it!
> 
> Also bear in mind that places such as Sun, Amazon, etc. have massive sites,
> with many servers and an immense amount of information.  They need to be
> able to track you across the site.  Some sites try and do this using big
> codes that only the server understands, others tend to use nested
> directories, e.g.:
> http://news.bbc.co.uk/1/hi/world/middle_east/3845517.stm
> 
> Daniel.
> 
> > -----Original Message-----
> > From: Robert Taylor [mailto:rtaylor@mulework.com]
> > Sent: 28 June 2004 14:51
> > To: user@struts.apache.org
> > Subject: [OT] Anatomy of a long URL
> >
> >
> > I'm not sure the subject of this email is indicative of my
> > question, but I have always wondered why Amazon, Sun, and some financial
> > institutions use long URLs for invoking actions. My only guess, since I've
> > only worked at small companies where all the applications pretty much
> > run on one machine, is that the URL contains either encoded/sensitive
> > information or contains session information. I'm just wondering why
> > the heck does it look so darn complex.
> >
> > For example, I just downloaded Sun's J2EE 1.4 SDK
> >
> > http://192.18.97.53/ECom/EComTicketServlet/BEGINjsecom16c.sun.com-9660%3A40e01d9a%3A3099733a3e651ac9/-2147483648/428874567/1/483962/483914/428874567/2ts+/westCoastFSEND/j2eesdk-1.4_01-oth-JPR/j2eesdk-1.4_01-oth-JPR:1/j2eesdk-1_4_01-windows.exe
> >
> >
> > after the "/-" then there appears to be some random numbers delimited by
> > forward slashes.
> > Is this some technique for sharing sessions across different applications?
> >
> > My apologies if this is one of those things that "everyone" knows about
> > except me.
> > I really wasn't sure how to google on this topic either, so if there is
> > some general documentation I missed, please point me to it.
> >
> >
> > robert
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 
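
The approach described in the quoted reply (an unguessable code in the URL in place of `transactionId=18374`, with the server still checking ownership against the session) can be sketched as follows. This is an added example, not code from the thread; `make_ref`, `parse_ref`, `view_transaction`, the key and the sample data are all constructed for illustration. The id inside the reference is tamper-evident, not secret.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"         # constructed; a real key comes from a secret store
OWNERS = {18374: "alice", 18375: "bob"}  # constructed sample data: transaction id -> owner

def _tag(user: str, body: bytes, key: bytes) -> bytes:
    # Binding the tag to the session user means a copied link fails for anyone else.
    return hmac.new(key, user.encode() + b"\x00" + body, hashlib.sha256).digest()

def make_ref(user: str, txn_id: int, key: bytes = SECRET) -> str:
    """Build the opaque URL parameter: transaction id plus a 256-bit HMAC tag."""
    body = str(txn_id).encode()
    raw = body + b"." + _tag(user, body, key)
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def parse_ref(user: str, ref: str, key: bytes = SECRET):
    """Return the transaction id, or None if the reference is malformed,
    was altered, or was issued to a different user."""
    try:
        raw = base64.urlsafe_b64decode(ref + "=" * (-len(ref) % 4))
        body, tag = raw.split(b".", 1)   # body is digits, so the first dot is the separator
        txn_id = int(body)
    except (ValueError, TypeError):
        return None
    if not hmac.compare_digest(tag, _tag(user, body, key)):
        return None
    return txn_id

def view_transaction(session_user: str, ref: str) -> str:
    """Handler sketch: verify the reference, then check ownership anyway."""
    txn_id = parse_ref(session_user, ref)
    if txn_id is None:
        return "400 bad reference"
    # The token only discourages tampering; authorization is this check.
    if OWNERS.get(txn_id) != session_user:
        return "403 not your transaction"
    return f"200 transaction {txn_id}"
```

The ownership lookup is what actually protects the data: if a reference is ever issued for a transaction the user does not own, the request is still refused.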
