View Full Version : Hide information on the URL bar & the Explorer tab
03-09-2010, 10:34 AM
I have a question, which is asked from my client.
"When browsing on any of our storefronts, the URL bar shows the full
string of where the shopper is on the site, and the Explorer tab shows
the HTML commands pertaining to the category description.
Is there a way to disguise, hide, or shorten this information. It does
not look good and does not feel very secure..."
Can anybody provide some information on this?
03-09-2010, 05:55 PM
The short answer is no, absolutely not. You must use a url that points to the page so removing that would lock all users to the homepage.
The long answer is that you can work around this some and perhaps improve the look of the url.
There are four possible ways to approach it:
Don't bother with this.
2. Use frames. This is an easy way to display the url of the homepage (or any page you'd like) that then contains a frame with the actual store or whatever else you'd like to display. The user can find the url being requested, but it won't be displayed anywhere directly.
Frames are bad for a few reasons, though, so this is not an ideal solution.
3. Use PHP or another serverside language to create a dynamic url.
There are a number of approaches here, but basically you can use PHP to create a dynamic page that will serve various "surface level" pages to the user based on a few things.
The most common is using "get" variables: page.php?id=7, where then the page called "7" in some list (on your server) would be displayed. This can be complex using just as much information as in your current urls: page.php?cat=software&product=something or you can simplify it somehow with abbreviated variables like id=7, etc.
This won't "hide" the real url, but instead it will just make it look different. So the security of, for example, pasting the url to a friend won't change.
4. Use .htaccess (mod_rewrite) to dynamically change the url:
this is similar to PHP, but a little more complex to use. Basically it lets you program the server to take incoming requests of one sort and display pages of another sort based on rules. For example, you could replace all "1"s with "2"s in your urls:
actual page served: /page2.htm
the URL will read: /page1.htm
And in this case "page1.htm" does not need to exist-- the server will just pretend that it does.
So this could create a simplified url as well.
But still like PHP above it's not possible to use this to hide the location so that people can't access it again.
None of these methods can be used to "secure" the URL, just to change it.
There is one final way you could consider, but be aware that this would be hard to setup (both programming and mostly logic), and it would limit users, for example in hitting the back button or reloading the page (possibly).
Instead of using links on your website, use forms. This doesn't mean it can't be still "link" graphics (text that submits a form) or even that they need to fill in information in a form, but that instead you will have them actual submit data (behind the scenes) to the server.
Then after this, the data can be stored in a session or cookie variable and you can act on that rather than on the URL.
So to choose a product submit a form for that product. Then the SAME page loads, but since there is now post variable information that helps the server know what to do, the page will then display information about the product. If refreshed, the data can then have been stored in a session variable, you can do the same, etc.
It's a very complex process and annoying because if someone bookmarks a product and returns at a later time they will instead get your homepage.
So the bottom line is that your customer doesn't know enough about web design or web customers to understand that this is a terrible idea. Can you "do" it? No. Can you kinda "do" it and make it somewhat effective while not solving everything and possibly being awkward for the user? Yes.
The simpler answer may be to simply rename all the folders to something shorter so the URL doesn't look as bulky. There's nothing wrong with doing that (but also no gain for 'security').
IMO, .htaccess (possibly combined with php) is the best way to get "pretty" urls. "Pretty" can mean the user will see www.mysite.com/store/books-about-cupcakes instead of www.mysite.com/prod/item.php?cat=book&item=771, or it could mean the user will see a made-up url (e.g., www.mysite.com/welcome) instead of the true location.
More importantly, "pretty" means that it's all just skin-deep: looks better, but has no effect on function. The browser still knows where it's going (it has to), so the user can figure it out if they want to.
Trying to completely "hide" urls makes your site look sneaky, suspicious, and underhanded. You're telling the user to close their eyes and trust you, but there's something you don't want them to see.
"Hiding" urls, etc. doesn't really work, so it doesn't make your site "more secure" in any way. In fact, knowing their location on your site actually helps keep your users "safe," in that they can more easily tell when something is wrong.
Powered by vBulletin® Version 4.2.0 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.