Daniel, thanks for the reply. You pretty much confirmed my own assumptions.
robert > -----Original Message----- > From: Daniel Perry [mailto:[EMAIL PROTECTED] > Sent: Monday, June 28, 2004 10:58 AM > To: Struts Users Mailing List > Subject: RE: [OT] Anatomy of a long URL > > > I dont think there is any information out there of the type you're > requesting (it's not really a 'pattern'). > > Long URLs are long because there is a lot of information to transfer. > > The big long codes given in urls are often are often hashes (eg session > id!). These are made long so that it's hard to randomly enter a code and > guess a correct one. > > There's no reason to use long urls unless you have a reason! There are often > security reasons (eg hashes/tokens), where you dont want people to be able > to fiddle with the link. take a bank for example - you dont want to > encourace hacking by putting: > viewtransaction.do?transactionId=18374 > (of course i'm assuming that any actions such as these would check that you > own the transaction using session info!!!) > instead do somthing like viewtransaction.do?massive_code_here > and it instantly puts people off changing stuff. > > As for suns example, i think sun counts you downloading stuff like J2EE SDK > as 'purchasing' it. I think part of the reason for that link is to try and > stop anyone from downloading the file and "stealing" it! > > Also bear in mind that places such as sun, amazon, etc have massive sites, > with many servers and an immense amount of information. They need to be > able to track you, accross the site. Some sites try and do this using big > codes that only the server understands, others tend to use nested > directories, eg: > http://news.bbc.co.uk/1/hi/world/middle_east/3845517.stm > > Daniel. > > > -----Original Message----- > > From: Robert Taylor [mailto:[EMAIL PROTECTED] > > Sent: 28 June 2004 14:51 > > To: [EMAIL PROTECTED] > > Subject: [OT] Anatomy of a long URL > > > > > > I'm not sure the subject of this email is indicative of my > > question, but I have always wondered why amazon, sun, and some financial > > institutions, > > use long URL's for invoking actions. My only guess, since I've > > only worked at small companies where all the applications pretty much > > run on > > one machine, is that the URL contains either encoded/sensitive > > information or contains session information. I'm just wondering why > > the heck does > > it look so darn complex. > > > > For example, I just downloaded Sun's J2EE 1.4 SDK > > > > http://192.18.97.53/ECom/EComTicketServlet/BEGINjsecom16c.sun.com- > 9660%3A40e01d9a%3A3099733a3e651ac9/-2147483648/428874567/1/483962/ > 483914/428874567/2ts+/westCoastFSEND/j2eesdk-1.4_01-oth-JPR/j2eesdk-1.4_01-o > th-JPR:1/j2eesdk-1_4_01-windows.exe > > > after the "/-" then there appears to be some random numbers delimited by > forward slashes. > Is this some technique for sharing sessions across different applications? > > My apologies if this is one of those things that "everone" know's about > except me. > I really wasnn't sure how to google on this topic either, so if there is > some general > documentation I missed, please point me to it. > > > robert > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]