I don't usually send the filename hashed. I merely include a hash of the parameter that was created with a secret seed. At the other end, I can determine if the payload was messed with by seeing if the parameters match the hash of the params. This makes life a lot easier to debug, is pretty secure (although someone who guesses your seed can make you do anything they want), and makes it easier on the server end, since you don't have to maintain a map of hash values to file paths. Any request that fails the hash test just gets sent an error page.
--sam

On 12/6/06, Dennis Sinelnikov <[EMAIL PROTECTED]> wrote:
Dear Fellow Tapestriers :),

I need to implement an EngineService that will return a specific file living on a filesystem. I need to pass a parameter in the url that specifies which file to return. I've searched the Tapestry list serve archives for an elegant solution, but nothing really caught my eye. My initial thought was to do a one-way hash of the file and pass it via the parameter in the url; when the url comes back the service would "replicate" the process by comparing the hashes of all the files and see which one matches; the one that matches is returned to the user.

I'm curious to see what others are doing in securing urls from malicious users. Sample code or any suggestions are greatly appreciated.

Thanks,
Dennis

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
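
An added example, not code from the thread or from Tapestry: one way to implement the signed-parameter check described in the reply, in plain Java with no Tapestry dependency. It assumes HMAC-SHA256 as the keyed hash (the reply says only a hash made with a secret seed); the class name, the "sig" parameter name and the sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: signs and checks a "file" URL parameter with a server-side secret.
public class SignedFileParam {
    private final SecretKeySpec key;

    public SignedFileParam(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    // Keyed hash over the exact parameter value that will appear in the URL.
    private byte[] mac(String file) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(file.getBytes(StandardCharsets.UTF_8));
    }

    // Called when the link is generated; the result goes in a second parameter, e.g. "sig".
    public String sign(String file) throws GeneralSecurityException {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac(file));
    }

    // Called by the service before touching the filesystem; false means send the error page.
    public boolean verify(String file, String sig) throws GeneralSecurityException {
        if (file == null || sig == null) return false;
        byte[] given;
        try {
            given = Base64.getUrlDecoder().decode(sig);
        } catch (IllegalArgumentException e) {
            return false; // not valid base64url
        }
        // Constant-time comparison, so response timing does not reveal matching prefix bytes.
        return MessageDigest.isEqual(mac(file), given);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed demo secret; a real one is random and kept out of source control.
        SignedFileParam p = new SignedFileParam("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String sig = p.sign("reports/q3.pdf");
        System.out.println("valid link accepted:   " + p.verify("reports/q3.pdf", sig));
        System.out.println("changed file accepted: " + p.verify("reports/q4.pdf", sig));
        System.out.println("garbage sig accepted:  " + p.verify("reports/q3.pdf", "%%%"));
    }
}
```

The signature only proves the server issued that parameter value; the service should still resolve the path under a fixed base directory before opening the file.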