About not displaying real URL's RRS feed

  • Question

  • User-326746839 posted


    I'm still pending with the issue of not displaying real URL's in the address bar?

    I think this will be as simple as creating a "mask" so the real URL is kept withing the application and not shown to the world, isn't it?

    This should be a rather trivial issue to be solved by the support team because once implemented
    it will secure your application of unwanted queries to your database
    by means of someone writing them down directly in the address bar ... or not?

    Carlos N. Porras
    (El Salvador)

    Sunday, October 19, 2014 10:29 AM

All replies

  • User-1315512054 posted


    You could use URL rewriting of iftame if you with, but in both cases you should protect your data. If someone decide to try to compromise your website then URL hiding will not help.


    Sunday, October 19, 2014 3:16 PM
  • User-326746839 posted

    Hi and thanks

    I agree that against hacking not much can be done at amateur level
    but you also must agree that facilitating people to be doing "SQL Poisoning" to your database 
    is not a clever idea either, or is it?

    I think is not a trivial topic and a class should be built by Microsoft in order to accomplish the task
    of protecting your application against unwanted queries facilitated by yourself shown in the address bar.
    (they shouldn't ever had to be put there) !!!

    At least I'd like to have the URL writing source code so I can see
    if anything come to my mind to figure out how to solve this issue

    I have seen serious tought absou this matter on web servers as the Apache one: 


    Carlos N. Porras
    (El Salvador)

    Sunday, October 19, 2014 5:57 PM
  • User-1926401737 posted

    Hi Carlos,

    I think this will be as simple as creating a "mask" so the real URL is kept withing the application and not shown to the world, isn't it?

    In my opinion, what we need to do is protecting sensitive data in URL's.  A few methods can be implemented to protect the data that we are transferring from tampering. You could refer to the following link to get more information about how to protect sensitive data in URL’s.

    Hope it will be helpful to you.

    Best Regards,


    Monday, October 20, 2014 10:00 PM
  • User-326746839 posted


    I wouldn't agree more IF we we not talking about ASP.Net Dynamic Data
    BUT I will have to un-check your answer as STILL no-answer

    If you had worked with DD then you surely knew that the URL painted on the address bar
    is the one that comes from inside your code
    and is the address that you app needs to keep on working,
    so I was wondering if there was a method or a way for "not publishing" this data
    (BUT USING IT INSIDE DD  .... because you need it) 

    What I want to do is simple. I want to create a method
    (so I need to rewrite the original Framework class)
    and create a "mask" method so instead of painting the real 
    URL adress I will be displaying an AD in the address bar instead

    "like: Thanks, Call Again" and not http:// businessname.com/List/List.aspx?id=12345

    Best regards

    Carlos N. Porras
    (El Salvador)

    Friday, October 24, 2014 8:42 AM
  • User-326746839 posted


    It will be good to provide sample code ..... isn't it?
    (ASP.Net Dynamic Data Code)

    Carlos N. Porras
    (El Salvador)

    Friday, October 24, 2014 8:50 AM
  • User-330204900 posted

    Hi Carlos, I may get chance to look at this as I am going to the MVP Summit at Microsoft Campus Redmond next week so I may get the time to have a look.

    Tuesday, October 28, 2014 12:44 PM
  • User-326746839 posted


    Is really strange that a lot of expert people hadn't mentioned that this is rather trivial
    and that you can do what I have asked here so many times before by means of rewriting the URL via IIS

    Carlos N. Porras
    (El Salvador)

    Friday, November 21, 2014 11:19 PM
  • User-330204900 posted

    I was aware or URL rewriting but I had not looked into it as I don't' have the luxury of using the lasted IIS my main client has only just moved from IIS6x to IIS8 :) so I had no idea

    Sunday, November 23, 2014 5:53 AM