Hiding urls in a Rails 3 application

2019-08-05 16:27发布

问题:

In an attempt to improve site security, I would like to mask or hide urls in a Rails 3 application. I don't want "friendly" urls. I would prefer that just the domain be displayed in the browser address. I read that it is possible in rails 2 but not in rails 3. If that is true, what else can i do?

UPDATE: Is hiding ID's the best i can do? If so, what is the best method?

Thanks.

回答1:

Check out some authorization solutions. CanCan has worked for me in the past and is simple to implement.

EDIT: After reading your question this doesn't do what you want (mask urls), but if your goal is to improve site security implementing an authorization solution is a much cleaner thing to do than just hiding urls from an end user.



回答2:

Build everything in a frameset. That will hide the URL from the address bar. But it will do nothing for site security as an attacker can just read the page source and find them anyways. There is no real way to hide the URL from the browser and therefore a dedicated attacker, as the browser is going to need to be told where to go.