Use SSL, or create an "outer" html-doc containing one frame; in that frame call your
struts-application.
In the address-field of the browser you will only see the url with which you call the 
"outer" html-doc...

Still leaves you vulnerable to a skilled hacker, but protects the url from the
standard users...

On clickable links specify "alt-texts" and write something to the browser's
status-line, else the link-address will be shown there...

hth
Alexander

-----Original Message-----
From: James Mitchell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 27 January 2004 12:43
To: Struts Users Mailing List
Subject: Re: constant url


----- Original Message -----
From: "shankarr" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, January 27, 2004 3:47 AM
Subject: RE: constant url


> Hi!
>
> Thanks for the response.
> http://localhost:8081/log4jdemo/loginScreen.do is what I see in my url.
> I would like to keep this a constant at http://localhost:8081/log4jdemo only.
> I am using both a href and html:link.

Have you seen what DispatchAction can do for you?

>
> But, even in cases where i use direct action like /loginScreen.do, on
> invoking the action, i.e clicking a button,
> i get the full  path in the url.

Yes, and that bothers you?

>
> This exposes the data to the hackers and will be a big issue in deployment.

WHAT?!?!?

Expose what to hackers?  The HTTP request string?  If you want to get away
from HTTP request string, you need to get away from HTTP.  Your closest
option is to "POST" everything, but that still leaves you vulnerable.  I
could (if I were sniffing your network) capture and read a "POST" as easily
as I could a "GET".

Consider using SSL.

>
> Any help will be appreciated.
>
> Richie
>
>




--
James Mitchell
Software Engineer / Struts Evangelist
http://www.struts-atlanta.org
678.910.8017 (cell)
AIM: jmitchtx
MSN: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
