yoursurrogategod Posted June 20, 2013 Share Posted June 20, 2013 I was told to implement the site with this requirement. Security is an issue so make sure that the domain name www.acme.com is never returned as part of the HTTP request to the user, not even in the HTML or JavaScript source. What does this mean? And how would you do it? Never heard of something like this. Quote Link to comment https://forums.phpfreaks.com/topic/279391-what-does-this-mean/ Share on other sites More sharing options...
kicken Posted June 20, 2013 Share Posted June 20, 2013 I'd guess it means exactly what it says, you need to make sure the scripts never output the domain name. On a simple level, this would mean you can't use any absolute URI's in things like links or image sources, everything should be relative. I'm not really sure what such a request has to do with security, but that is something you'd have to ask the client about. Quote Link to comment https://forums.phpfreaks.com/topic/279391-what-does-this-mean/#findComment-1437062 Share on other sites More sharing options...
richei Posted June 20, 2013 Share Posted June 20, 2013 I'm not even sure how you'd implement it since even basic urls, like form actions, will automatically use the domain. Like if you just list a menu item as contacts.html, the browser will display www.acme.com/contacts.html. Maybe there's a way to substitute the real for a fake using mod rewrite though. Definitely one of the oddest requests i've seen from a client. Quote Link to comment https://forums.phpfreaks.com/topic/279391-what-does-this-mean/#findComment-1437070 Share on other sites More sharing options...
kicken Posted June 20, 2013 Share Posted June 20, 2013 My best guess is that they are using some kind of frames setup to hide their real domain behind some other domain and they don't want people to be able to find the real domain by viewing the source of the page. Not really possible since the frame would have it listed in it's src="" attribute but they probably don't know about that or something. Sounds to me like someone who just doesn't know how things work decided such a thing was a good idea when in reality it doesn't really matter. Quote Link to comment https://forums.phpfreaks.com/topic/279391-what-does-this-mean/#findComment-1437074 Share on other sites More sharing options...
yoursurrogategod Posted June 20, 2013 Author Share Posted June 20, 2013 I'd guess it means exactly what it says, you need to make sure the scripts never output the domain name. On a simple level, this would mean you can't use any absolute URI's in things like links or image sources, everything should be relative. I'm not really sure what such a request has to do with security, but that is something you'd have to ask the client about. I'm _guessing_ that they mean something like this: header("Location: " . $_SERVER['SERVER_NAME'] . "/user_financial_info.php"); die(); Quote Link to comment https://forums.phpfreaks.com/topic/279391-what-does-this-mean/#findComment-1437076 Share on other sites More sharing options...
richei Posted June 20, 2013 Share Posted June 20, 2013 But even that would show the real domain, not the fake one. I think about the only real effective way to do it would be use mod rewrite to clean up the url and possibly list an entirely different one. Quote Link to comment https://forums.phpfreaks.com/topic/279391-what-does-this-mean/#findComment-1437105 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.