How to hide the Real URL on Browser


imlalit
08-03-2009, 11:19 AM
Hi

How can I hide the real URL and display a specific URL on a website?
i.e. http://www.myapp.com/information.jsp is the real URL and I want to display the http://www.myapp.com/ URL in the browser.
I will display a static URL instead of the real URL.

Please give an idea or suggestion on how to do this, because I'm new to JS.

Thanks
Lalit

Philip M
08-03-2009, 12:07 PM
What possible legitimate reason do you have for wanting to do this?

This is not possible because this can cause a huge security risk for users of your website. The browser cannot display anything in the address bar other than the URI of the document loaded into the window. Someone could easily set up a phishing website for Paypal, and modify the URL to say Paypal.com instead of whatever false URL they were using before.



Kor
08-03-2009, 12:12 PM
If you use Apache, you may do that using htaccess (http://en.wikipedia.org/wiki/Htaccess)

See also: http://en.wikipedia.org/wiki/Rewrite_engine

Philip M, I think imlalit simply wants to mask the hash in order to make it human readable: for instance, instead of

http://www.mysite.com/index.php?products=foo

to have

http://www.mysite.com/Products/Foo

imlalit
08-03-2009, 12:18 PM
Hi
For security reasons I have to display the same URL on all pages when a user opens any page on the website.
I need a script, and it will be run on every JSP page of the website.


Kor, you are right,

and we are using Sun One Application Server.

Is it possible?

thanks
lalit

abduraooft
08-03-2009, 01:20 PM
For security reasons I have to display the same URL on all pages when a user opens any page on the website.
I need a script, and it will be run on every JSP page of the website.

There is no way to hide the URL of a page from an experienced user, though you may deceive an inexperienced user with the help of frames.

If you think your pages are not secure, fixing the security holes is the only effective way. Or you may need to keep them on your computer, without publishing them on the Internet.

Kor
08-03-2009, 01:39 PM
Yeap. abduraooft is right. What I wanted to say is that you may mask the URL, but you can not really hide it.

imlalit
08-03-2009, 02:26 PM
How to protect the URL over internet?
Is there any solution for that?

Philip M
08-03-2009, 02:39 PM
How to protect the URL over internet?
Is there any solution for that?

Don't really understand "protect the URL over internet", but if you mean prevent people accessing it, the answer is No.

Kor
08-03-2009, 02:40 PM
Protect from what? Why do you need to "protect" a URL?

imlalit
08-03-2009, 02:57 PM
Our client had done the security audit of their website and directory listing was found in the security audit, so now they want to hide the directory listing from the URL.

So what is the solution?

Philip M
08-03-2009, 04:07 PM
If you have a directory without the standard index.html in it, such as an images folder, and you want to hide the Apache directory listing where all files are displayed, then put the following into a .htaccess in the folder. This will disable the listing and just tell the user they don't have access (although they can access files if they know the filename!)

Options -Indexes

Kor
08-03-2009, 04:50 PM
In other words, you can prevent the user from opening the directory, but you cannot prevent him from opening a file if he knows the name of the file. Exceptions are the "pure" server-side files, which can be protected either using .htaccess or by different other techniques. I confess I don't know JSP (I could have shown you some in PHP), but you may put this question in the JSP Forum:

http://www.codingforums.com/forumdisplay.php?f=54

rnd me
08-04-2009, 04:50 AM
Our client had done the security audit of their website and directory listing was found in the security audit, so now they want to hide the directory listing from the URL.

So what is the solution?


Simple as pie:
save this code as index.html and place it inside the directory to be blocked:

<h1>403</h1>


Don't forget to check WebDAV settings, they can list files also...
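
Added example, not part of any post in this thread: a local check of what Philip M, Kor and rnd me describe above, namely that disabling the auto-generated listing returns 403 for the directory while a file whose name is known is still served, and that a placeholder index.html hides the listing but answers with HTTP 200. Python's built-in file server stands in for Apache here; the handler classes, function names and sample files are constructed for this illustration.

```python
# Added example, not code from the thread. Python's static file server stands
# in for Apache; NoIndexHandler mimics the effect of "Options -Indexes".
import functools, http.client, http.server, pathlib, tempfile, threading

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    """Default behaviour: auto-generates a listing for index-less directories."""

    def log_message(self, *args):  # silence per-request logging
        pass

class NoIndexHandler(QuietHandler):
    """Serves files normally but refuses to generate directory listings."""

    def list_directory(self, path):
        # Reached only when the directory has no index.html / index.htm.
        self.send_error(403, "Directory listing disabled")

def status_of(port, path):
    """GET path from the local test server and return the HTTP status code."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status

def probe(handler_cls):
    """Serve a constructed tree and report the status of four requests."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("images", "docs"):
            pathlib.Path(root, name).mkdir()
        pathlib.Path(root, "images", "logo.txt").write_text("constructed file")
        # rnd me's placeholder: an index.html whose body merely says "403".
        pathlib.Path(root, "docs", "index.html").write_text("<h1>403</h1>")
        handler = functools.partial(handler_cls, directory=root)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        paths = {"listing": "/images/", "known_file": "/images/logo.txt",
                 "missing_file": "/images/nope.txt", "placeholder": "/docs/"}
        try:
            return {k: status_of(server.server_port, p) for k, p in paths.items()}
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print("listing enabled :", probe(QuietHandler))
    print("listing disabled:", probe(NoIndexHandler))
```

Files that must not be public therefore need access control on the server or a location outside the web root; switching the listing off only removes the index.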

imlalit
08-04-2009, 08:19 AM
It is not correct. The directory listing pattern is occurring as www.myapp.com/rite/pre/information.jsp in the address bar of the browser. And we want to display only www.myapp.com in the address bar instead of www.myapp.com/rite/pre/information.jsp

The user is not opening the directory on the server. The user is accessing only the website.
The website is public and everyone who is interested in it accesses the site. We can't refuse users access to the site. We want to disable the real URL.

We are using Sun One Application Server 2004Q7 for the website.

Please give ideas

Kor
08-04-2009, 09:57 AM
Anyway, that is not a JavaScript issue, thus I have moved your thread into the JSP Forum

imlalit
08-04-2009, 11:01 AM
Thanks a lot for moving the post

imlalit
08-06-2009, 08:47 AM
So what to do now in that case?
Is it possible for us to disable/hide the directory listing pattern from the URL in the browser?
Please help me out.

sith717
08-06-2009, 02:06 PM
Iframe...

You stay on the same page all the time.

oracleguy
08-06-2009, 08:15 PM
Iframe...

You stay on the same page all the time.

Yeah, that could work; however, as others have mentioned, hiding the actual URL behind a static URL is a bad idea and will only stop the most novice of users. Not to mention it makes it a major pain in the butt for the users of your site. You make it impossible to ever bookmark any pages or return to a specific page directly. Using frames to keep one URL in the address bar is bad design.

If your client's security audit says having "real" URLs is bad security, then the audit is wrong. What you put in the URL can lead to poor security, but that's why you write proper server-side code to sanitize and sanity check all inputs, as abduraooft already mentioned.

I have a feeling your client and/or you are misunderstanding what the actual problem is that the security audit found.

imlalit
08-07-2009, 07:33 AM
Thanks for the reply

I'm not misunderstanding the forum or the forum's members. I'm finding the solution the client wants. The client simply says that we want to keep one URL in the address bar while accessing the site. That is why I posted the problem here and nothing else.