问题
Background:
I have a PHP based (Zend Framework) application. It is secure, and only users who have been invited are able to access its resources. One of the resources that I want to keep secure is a link to a private Google Calendar. This is a public link, but I want to be in control of who can view it. There may be a time when a user account will be revoked and I don't want that user to still be able to access the calendar.
So I would like to display this Google Calendar page without giving the user the ability to know its real location and without the ability to bookmark it (in case the user has been deleted):
I'm thinking I can generate some sort of unique url and display this in the view.
<a href="/secret/link/4b21efc1ae7bb">Click here to see this secret page that only users who have been given permission are allowed to see</a>
Since the actual url of the Private Google Calendar is public, and not on my server, I don't want the user to be able to know the url, nor be able to bookmark the url. I don't know if this will involve iframes, javascript, or whatever is necessary, but I need to be able to do this some how.
Question:
How can I display the Google Calendar, while keeping it's true location secure?
回答1:
Perhaps the best way is to let your server actually fetch the page from the other server, then deliver it as content to the browser.
In that way, the external URL is never sent to the browser and therefore it doesn't know anything about it. Instead all the client sees is a URL to your server. Doing it this way would allow you to set whatever security you want on your page.
Pretty much every web language (.Net, PHP, java, etc ) all have support for doing this server side.
UPDATE
Due to the changes to the question, here is a new approach: Use the Google Calendar API. It's built for exactly the situation you are in. It will allow you to display the google calendar within your site as well as manage the access control list via code.
回答2:
Why do you want to do this? You really can't completely hide the url of another page, unless you fetch the page and hide it by displaying it on a POSTED form page on your site.
You could try overlaying it in a frame, but the url still could be found.
If you want something simple, to prevent people from causally not bookmarking the url, setup a POSTED link or form that directs to an framed viewer, (embedding the page within another). If anyone bookmarks or shares the page without POSTED data, it can display page not found or access not permitted.
回答3:
You could write code that would dynamically generate these URLs and permit them to be accessed only once. That way, users could bookmark them all they wanted to to no avail.
回答4:
You could create your own proxy page.
When this page is called, your code will:
- Call the real URL (the one you want to hide).
- Scrape the HTML out of it.
- Remove any references to the hidden URL in that HTML.
- Spit that HTML back to the client.
Also, as per @DanLoewenherz's idea, that page will only work once.
I'm not sure what language/stack your using, but the above is possible in ASP.NET MVC.
回答5:
There is no completely secure way to do this without creating your own authenticated proxy server that fetches all of the HTML, JS, CSS, etc., modifies all URLs, and returns them to the user. This is not a simple task.
回答6:
Best option is IMO generating the Google Calendar yourself (using Zend_GData) and handel the "securing" yourself. That's the most secure way of all ;)
回答7:
To see this page some kind of authentication is needed? if doesn't, I guess this solves the problem.
<?php
$page=curl_init("http://google.com/calendar/...");
curl_setopt($page,CURLOPT_RETURNTRANSFER,1);
echo utf8_decode(curl_exec($page));
?>
回答8:
Have a page that does:
file_get_contents('http://www.example.com/gcal');
And generate a secret URL for that page.
回答9:
Using Zend, you could use the class Zend_Http_Client to fetch the page from an external server, and return it to the user.
回答10:
using Apache Web Server you can use mod-rewrite
http://www.yourhtmlsource.com/sitemanagement/urlrewriting.html
来源:https://stackoverflow.com/questions/1910745/how-to-display-a-web-page-and-keep-its-location-a-secret