Jump to content

Is there ANY "legit" way to secure URLs ?

Trek15

By Trek15
in Application Design

 Share

Recommended Posts

Trek15 Member

Trek15

Posted
Posted

To get to the point: i wonder if there's any way that you can keep members who ones were part of a community that requires a certain amount of posts in the forum to gain access to other parts of it and who turned out to be bastards from using those same URLs directly written into the address lines of their browsers to access those pages once they're banned when you don't have any physical control over those pages themselves.

 

I've read about using all kinds of ways to sort of scramble URLs to look different. But those have apparently become a total no-no simply because too many spammers used those ways to do their thing. What about those who really NEED a function like that though? What are we supposed to do?

Link to comment
Share on other sites
PugJr Regular Member

PugJr

Posted
Posted

Trek, why secure a URL? Just do something where

 


if ( $userpost < 150 )
{
echo "Too few posts";
die();
}

 

Or are you meaning by something else? Just use PHP to prevent them from viewing it, not hiding the URL. As one of these PHPFreakers once said: (I'm not gonna get it exact) "Secrecy is not security.".

 

Or if I'm completely missing what you are trying to say, could you rephrase what you mean?

Link to comment
Share on other sites
Trek15 Member

Trek15

Posted
  • Author
Posted

Thanks. English isn't my native language so it wouldn't be the first time i was misunderstood.

 

The website is an iframe with a menu on a parent frame at the top. Some of the pages that are hidden from low-post members are physically not hosted on my server, so once the members have seen the address to those other websites, they can access them without having to go through my site. The pages in question are on websites that host services like voice-communication and stuff like that, that can't be hosted on your own server yet.

 

Am i making sense?

Link to comment
Share on other sites
Trek15 Member

Trek15

Posted
  • Author
Posted

To clarify further: So what i would want to do is to hide the actual address to those other pages right from the start, at least within that iframe, so that nobody can use the addresses to directly in their browsers.

Link to comment
Share on other sites
Trek15 Member

Trek15

Posted
  • Author
Posted

I have been thinking about Javascript or something. I think it's javascript buttons around the web that don't show anything in the status field when you hover over them and that you only see the Java settings if you right-click them. Could i hide the addresses this way perhaps? Like the ads at the bottom of this topic i just noticed. Yes, it's Javascript. Hmm..

Link to comment
Share on other sites
PugJr Regular Member

PugJr

Posted
Posted

Okay, I probably won't be much help but one thing for sure is you can not use Jscript for secruity. They can just disable Jscript and you are screwed.

 

Okay, so these addresses are on your website right? One you can modifiy? If so, just use some PHP/ASP/whatever(But it must be server side.) so it removes those addresses so they don't show in the first place.

Link to comment
Share on other sites
Trek15 Member

Trek15

Posted
  • Author
Posted

Uh. That's not uh... i think we might be on different wave-lengths here. ;)

 

I want the buttons to function, for the users who have access to them. But i don't want them either to know the actual address to those pages so that they can access them without having to go through my website. I just need to cloak the address to the services, not the services themselves.

Link to comment
Share on other sites
PugJr Regular Member

PugJr

Posted
Posted

Yes, thats what I was trying to say. Like lets say this is your page:

 


if ( $userstats < 150 )
{
$link = "";
}
else
{
$link = "<a href=\"google.com\"> You get this button as you exceeded 150 posts! </a>";
}

echo "Hello there. Don't have 150 posts? Too bad. $link";

 

Now on your page if they have more than 150 posts they will be able to see the link which is google.com. If they don't, then no link. Or do you not have accses to their post count?

Link to comment
Share on other sites
Trek15 Member

Trek15

Posted
  • Author
Posted

Thank you Pug.

 

You are missing a point still though.

 

This is my website:

 

()

 

And this is the service website that my website links to in an iframe:

 

<>

 

When someone gets those 150 posts at () to get to <>, they can obviously get to <> without going through () simply by entering the URL to <> in their browsers, thereby avoiding the fact that they need 150 posts at ().

 

It doesn't matter what rules i set at (). As soon as they have gained access to <>, its address is revealed and they can continue to access it even after they have been banned at () simply by going to <> directly. This is why i would like to cloak the address to <> so that you couldn't possibly figure out the address to it, making it impossible to get to <> without going through ().

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.