Are secret URLs truly secure?

挽巷 2020-12-13 02:11

I never leave backdoors in my system, but out of curiosity I was wondering if I left a secret URL like /x52d23r that allowed bypassing some sort of security, and this was on

9 Answers
  •  旧巷少年郎
    2020-12-13 02:50

    The Waterken web server is a web platform designed by the security folk at HP research around secret (specifically cryptographically unguessable) URLs.

    Applications built on it have some very interesting security properties as a result.

    Done right, cryptographically strong secret URLs can provide high levels of security.

    ACLs Don't is a paper from the Waterken team on their security architecture.

    Comparing the suggested defense to the capability based solution for the compilation scenario, and again assuming a Unix-like system: the URL is like the filename; and the unguessable token is like a file descriptor, approximating the unforgeability of a capability with unguessability. A legitimate page from the stock broker’s Web site first opens the stock purchase resource, receiving an unguessable secret. The browser then uses this unguessable secret to write to the stock purchase resource.
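The open-then-use pattern quoted in the answer above, as an added Python sketch (not part of the original answer and not Waterken's code): a resource is "opened" by minting a URL around a token from the OS CSPRNG, and later requests are authorized only by presenting that URL. The `CapabilityStore` class, the `/cap/` prefix and the 32-byte token size are assumptions made for this example; it also contrasts the token with a short hand-picked path such as the question's `/x52d23r`.

```python
import hashlib
import math
import secrets
from typing import Optional

TOKEN_BYTES = 32  # assumption: 256 bits from the OS CSPRNG
PREFIX = "/cap/"  # hypothetical route prefix for capability URLs


def guess_space_bits(segment: str, alphabet_size: int) -> float:
    """Upper bound on the search space in bits, if every character were uniformly random."""
    return len(segment) * math.log2(alphabet_size)


def _digest(token: str) -> str:
    # Only this hash is stored, so a leaked table does not reveal usable URLs.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class CapabilityStore:
    """Maps unguessable URL tokens to resources; only token hashes are kept."""

    def __init__(self):
        self._resources = {}  # sha256(token) hex digest -> resource name

    def mint(self, resource: str) -> str:
        """'Open' a resource: return a fresh secret URL that designates it."""
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._resources[_digest(token)] = resource
        return PREFIX + token

    def resolve(self, path: str) -> Optional[str]:
        """Return the resource a URL designates, or None for anything not minted here."""
        if not path.startswith(PREFIX):
            return None
        return self._resources.get(_digest(path[len(PREFIX):]))

    def revoke(self, path: str) -> bool:
        """Invalidate one URL without affecting URLs held by anyone else."""
        return self._resources.pop(_digest(path[len(PREFIX):]), None) is not None


if __name__ == "__main__":
    store = CapabilityStore()
    url = store.mint("stock-purchase")  # constructed sample resource name
    print(url, "->", store.resolve(url))
    print("hand-picked /x52d23r: at most %.1f bits" % guess_space_bits("x52d23r", 36))
    print("minted token: %d bits" % (TOKEN_BYTES * 8))
```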
