Subject: Security question/concern on resource URLs
When using producer URL rewriting (templates) and using 1.0 style resource proxying, the producer fills in the resource template and replaces the {wsrp-url} with the absolute URL to the resource. This is rendered and sent to the browser, creating a URL like http://consumer/resourceServlet?wsrp-url=http%3A%2F%2FresourceHost%2fresourcePath&wsrp-rewrite=true.

The problem is that, on the browser, client-side scripting (or manual editing) may be used to rewrite this URL to point to a different resource. Is there any way to prevent this?

Presumably when using consumer rewriting the consumer MAY use an entirely different URL scheme which replaces the resource URL with an id. Also, the 2.0 resource operation may be used similarly, but managed by the producer. Any thoughts on this?

On the other hand, URL rewriting is commonly used for RIA applications (e.g. REST URLs). Is there any way to support both?

Nate
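A sketch of the id-based scheme the message raises for consumer rewriting, added here as an illustration and not part of the original post or of any WSRP implementation. The `rid` parameter, the `ResourceIdMap` class and the per-session table are assumptions; only the proxy endpoint and the `wsrp-url` parameter come from the message.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

PROXY = "http://consumer/resourceServlet"  # consumer proxy endpoint from the message


class ResourceIdMap:
    """Hypothetical per-session table: opaque id -> producer resource URL."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # fresh key per user session
        self._by_id = {}

    def issue(self, resource_url):
        """Called while the consumer rewrites markup: register the URL, emit an id."""
        # Keyed digest: stable within the session (cache friendly), unguessable outside it.
        rid = hmac.new(self._key, resource_url.encode(), hashlib.sha256).hexdigest()[:32]
        self._by_id[rid] = resource_url
        return PROXY + "?" + urlencode({"rid": rid})

    def resolve(self, proxy_url):
        """Called by the proxy servlet: return the target only for ids it issued."""
        query = parse_qs(urlsplit(proxy_url).query)
        if "wsrp-url" in query:
            # The browser must never be the source of the fetch target.
            raise PermissionError("raw wsrp-url is not accepted by this proxy")
        rids = query.get("rid", [])
        if len(rids) != 1 or rids[0] not in self._by_id:
            raise PermissionError("unknown or foreign resource id")
        return self._by_id[rids[0]]


if __name__ == "__main__":
    session = ResourceIdMap()
    url = session.issue("http://resourceHost/resourcePath")  # constructed sample
    print(url)
    print(session.resolve(url))
    try:
        session.resolve(PROXY + "?wsrp-url=http%3A%2F%2Fother%2Fx&wsrp-rewrite=true")
    except PermissionError as exc:
        print("rejected:", exc)
```

Because the browser only ever holds the id, editing the URL client-side can select another resource the consumer already registered for that session, but not an arbitrary one.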