Jump to content

What does this mean?


yoursurrogategod
 Share

Recommended Posts

I was told to implement the site with this requirement.

Security is an issue so make sure that the domain name www.acme.com is never returned as part of the HTTP request to the user, not even in the HTML or JavaScript source.

 
What does this mean?  And how would you do it?
 
Never heard of something like this.
Link to comment
Share on other sites

I'd guess it means exactly what it says, you need to make sure the scripts never output the domain name. On a simple level, this would mean you can't use any absolute URI's in things like links or image sources, everything should be relative.

 

I'm not really sure what such a request has to do with security, but that is something you'd have to ask the client about.

Link to comment
Share on other sites

I'm not even sure how you'd implement it since even basic urls, like form actions, will automatically use the domain.  Like if you just list a menu item as contacts.html, the browser will display www.acme.com/contacts.html.

 

Maybe there's a way to substitute the real for a fake using mod rewrite though.  Definitely one of the oddest requests i've seen from a client.

Link to comment
Share on other sites

My best guess is that they are using some kind of frames setup to hide their real domain behind some other domain and they don't want people to be able to find the real domain by viewing the source of the page. Not really possible since the frame would have it listed in it's src="" attribute but they probably don't know about that or something.

 

Sounds to me like someone who just doesn't know how things work decided such a thing was a good idea when in reality it doesn't really matter.

Link to comment
Share on other sites

I'd guess it means exactly what it says, you need to make sure the scripts never output the domain name. On a simple level, this would mean you can't use any absolute URI's in things like links or image sources, everything should be relative.

 

I'm not really sure what such a request has to do with security, but that is something you'd have to ask the client about.

I'm _guessing_ that they mean something like this:

header("Location: " . $_SERVER['SERVER_NAME'] . "/user_financial_info.php");
die();
Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.