...

View Full Version : how to hide the actual ASP file path that shown in Address bar?



NinjaTurtle
07-25-2004, 08:30 AM
Dear,

i show some web site can hide the current asp file in the Address bar.
Example:
the actual path should be www.AAA.com/ContactUs/display.asp
but at the address bar it show www.AAA.com ONLY...


how to do that???

raf
07-25-2004, 09:46 AM
simplest solution : use a framepage. (but this has some downsides (bookmarking etc))

alternative: mod rewrite

NinjaTurtle
07-26-2004, 02:59 AM
Dear,

Can u tell me more about the alrternative way(mod rewrite) of doing that???

glenngv
07-26-2004, 03:17 AM
Is there any compelling reason you want to hide the url?

NinjaTurtle
07-26-2004, 10:01 AM
Dear,

i am trying to send my demo set of system which written by ASP to my client, but i dun want to let them see the interlinkage.

glenngv
07-26-2004, 11:52 AM
What's wrong with seeing the url? :D
If I were you I won't bother with that too much. :)

raf
07-26-2004, 01:05 PM
They can basically just look at your source or statusbar to see where you post your forms to or where your links point to.

anyway, mod-rewrite is supposed to add additional security because the filesystem-structure and the used server side language is obfuscated. (kina week arguments, if you ask me)

If it's just for a demosystem, then just create aframepage with at the top, a frame (complete length but just a few lines heigd) where you put some image ('Demo'-environment) on a red background or so. The second frame (below the first one) then contains your actual site.

If you need more info on mod-rewrite for IIS, then google for it.Plenty oflinks will popup.

whammy
07-27-2004, 02:44 AM
I think he wants to encrypt the URL randomly per session so it cannot be downloaded again, EVER, unless someone logs in and requests the file.

Hotmail does this every time I request an email, it can't be TOO hard (but they have the best spam email filtering system I've EVER seen, so they must know something!)... :)

Now that I got laid off (yeah... :() I'm going to seriously start looking into stuff like this that I never had time for before! WOOHOO!

raf
07-27-2004, 07:48 AM
I don't know if he means that, but this should not be done manupulating the url since there are better ways (like simply setting a sessionvariable and checking against that).
But achieving this is rather easy. You just encode your sessionID and append it to each url. (you could do this by storing all output in a variable and then using a regew or so. there's probably a way to have it added automatically as is done in PHP for users with cookies disabled. maybe check out the Cookie Munger)

NinjaTurtle
07-27-2004, 10:36 AM
Dear all (Whammy),

actually i try to think about the way of what u mention b4(encrypt the URL) but i have no idea to do that, so i try to play around with others ways... like hide URL without using Frame, encrypt URL, Store into Session....

hmmm.... tired....


i wonder how those ppl selling PURE ASP application?? how they can prevent thier client misuse of the set of source???
what is the BEST(SAFETY) way(s) to "install" the ASP application in the client side without any misuse of source code???



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum