0

I have a URL that I will send to a different user and it looks like below:

http://localhost:8080/repository/pantonpaper/flexpaper/flexer.jsp?nodeID=27452&graphID=12221211111111

The parameters represent the value of the file ID so the end user is able to view it when he paste it on the browser and it needs to be there to work. However,if user changes the value of the nodeID,which is the file ID,he or she might be able to view other files which I am trying to prevent this from happening.

Is there any way to hide the parameters when I sent the URL to the person?

halfer
  • 19,824
  • 17
  • 99
  • 186
Daredevil
  • 1,672
  • 3
  • 18
  • 47
  • You don't. You use POST and send them in the body. – user207421 Mar 12 '19 at 09:28
  • @user207421 — That (a) doesn't create a URL which can be copy / pasted and (b) is only slightly harder for the user to change the value of the nodeID with. – Quentin Mar 12 '19 at 09:30
  • @Quentin Of course it doesn't. The question as asked embodies a contradiction in terms. – user207421 Mar 12 '19 at 09:34
  • Hi Daredevil. Please refrain from adding please-help begging to each and every post - this has been removed several times now. We favour succinctness here. – halfer May 13 '19 at 17:53
  • Note that we prefer a technical style of writing here. We gently discourage greetings, hope-you-can-helps, thanks, advance thanks, notes of appreciation, regards, kind regards, signatures, please-can-you-helps, chatty material and abbreviated txtspk, pleading, how long you've been stuck, voting advice, meta commentary, etc. Just explain your problem, and show what you've tried, what you expected, and what actually happened. – halfer May 13 '19 at 17:53
  • @halfer Just out of curiosity,you have been editing my questions for the past days,what is going on? I posted each question carefully without duplicate,explaining the core problem,etc. – Daredevil May 14 '19 at 02:11
  • Volunteers are keen to give back to Stack Overflow as a community resource by closing low-quality questions and improving material by editing. You'll see from my profile that I edit and vote a lot. Some folks I will edit multiple questions (for chatty material) on the basis that as one post is improved, another question featuring the same issues is created. Editing several posts - and commenting to explain the edits as I have done - is an attempt to reduce the amount of new editable work being created. – halfer May 14 '19 at 07:44
  • The canonical advice for [chatty material is here](https://meta.stackoverflow.com/questions/260776/should-i-remove-fluff-when-editing-questions) and there's a [discussion on begging here](https://meta.stackoverflow.com/questions/366264/how-can-we-encourage-new-authors-to-ask-confident-questions) (there is an answer on the second link that reveals some kinds of pleading can have a statistically significant effect on voting, so the advice benefits question authors as well as curators). – halfer May 14 '19 at 07:45
  • Advice on [home-made title tagging is here](https://meta.stackoverflow.com/questions/253028/why-is-removing-tags-from-the-title-suggested-so-often). – halfer May 14 '19 at 07:50

1 Answers1

0

Is there any way to hide the parameters when I sent the URL to the person?

No.

If you need to restrict some URLs so they can only be accessed by some people, use authentication and authorisation (e.g. usernames + passwords and a list of which users are allowed to access any given file).

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • I mean my URL works in this format as shown above so I want it have some form of protection because the other user does not need to be part of the user and login authentication and still able to view it. – Daredevil Mar 12 '19 at 09:30
  • Then introduce a different authentication system. Put the details in the URL itself. A different password wouldn't give access to a different file. – Quentin Mar 12 '19 at 09:35
  • Would this work: https://stackoverflow.com/questions/23947992/how-to-encrypt-encode-url-parameters-in-jsp practically speaking? – Daredevil Mar 12 '19 at 10:11
  • @Daredevil — No. Using a very common two way encoding to obscure the number isn't going to make it hard to people to recognise the encoding, decode it, change it, reencode it, and loop through all the numbers that way. Use a password. – Quentin Mar 12 '19 at 10:24