-1

I want to pass data from a view (link) to a controller so it can look up the related information. Services for a company, in this case.

I see examples where people have added to params like this:

<div>
    <%= link_to 'Services', :controller => 'company', :action => 'services', :company_id => @company.id %>
</div>

...but that results in a transparent (unsafe) URL like this:

http://localhost:5000/company/services?company_id=17

Is there a way to get around this without stuffing data into the Session? What's the best practice on links inside an app that requires authentication?

vbsql7
  • What's unsafe about the URL? – infused Jan 13 '15 at 23:33
  • You need authorization, not just authentication. You can also use GUIDs instead of straight IDs, but there's nothing wrong with exposing data like this if your app has proper auth/auth in place. – Dave Newton Jan 13 '15 at 23:53

2 Answers

0
<%= link_to "Sign in", new_session_path(:id => Base64.encode64("1")) %>

and in your controller

def new
  id=Base64.decode64(params[:id].to_s)
end

This is another way to create a link with data.

Check your routes in the console with the command rake routes.

For more information, read this documentation:

http://apidock.com/rails/ActionView/Helpers/UrlHelper/link_to

Luis
  • If you don't need the value visible in the URL, use Base64. In a request with the GET method the parameters always go in the URL, and a link_to works with the GET method. – Luis Jan 13 '15 at 23:46
  • No doubt Base64 will work, but in a real Rails application how/where are we going to wrap these encode & decode functions? – Ajay Jan 13 '15 at 23:58
  • It is for encoding data and works in the whole project. For example, where to encode? Where you send data. Where to decode? In the controller action that gets the GET or POST params. I am using it in all links to my server for more secure data. – Luis Jan 14 '15 at 00:03
  • But where to place this encode/decode logic in a real time Rails application? – Ajay Jan 14 '15 at 00:04
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/68779/discussion-between-ajay-and-luis). – Ajay Jan 14 '15 at 00:08
  • I don't fully understand your question, but if it refers to where you can use decoding/encoding of data in real time: this works in views and controller actions, and it executes when your view or your action loads. – Luis Jan 14 '15 at 00:12
0

There is no major harm in passing data like this in the view.

Still, if you insist, then check pretty URLs:

http://railscasts.com/episodes/314-pretty-urls-with-friendlyid

Prior to that, we must have valid checks in the controller & model files.

 1. Valid checks and redirection in the controller are helpful.
 2. Depending on need, adding validations in the model can be a good support.
Ajay
  • Pretty URLs aren't any different, though, you're still uniquely identifying an entity. The issue is whether or not the user is authorized to view, modify, etc. what they're trying to access. – Dave Newton Jan 13 '15 at 23:54
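
Added example (not part of the original question, answers or comments): a plain-Ruby sketch of the point raised in the comments, that an authorization check scoped to the signed-in user protects the record, while a Base64-encoded id does not. The company data, membership table and method names are constructed for illustration; the Rails analogue named in the comment assumes a `companies` association on the user model.

```ruby
require "base64"

# Constructed sample data (hypothetical names, not from the original post).
COMPANIES   = { 17 => "Acme services", 18 => "Globex services" }.freeze
MEMBERSHIPS = { "alice" => [17], "bob" => [18] }.freeze

class NotAuthorized < StandardError; end

# Base64 is a reversible encoding with no key: it hides nothing.
def encode_id(id)
  Base64.urlsafe_encode64(id.to_s)
end

def decode_id(token)
  Integer(Base64.urlsafe_decode64(token.to_s), 10)
rescue ArgumentError
  nil # malformed token or non-numeric payload
end

# Weak: trusts any id that decodes, so any signed-in user can read any company.
def services_unchecked(params)
  COMPANIES[decode_id(params[:company_id])]
end

# Hardened: the plain id is only a selector inside the set of companies the
# authenticated user belongs to. Assumed Rails analogue:
#   current_user.companies.find(params[:company_id])
def services_authorized(current_user, params)
  id = Integer(params[:company_id].to_s, 10, exception: false)
  allowed = MEMBERSHIPS.fetch(current_user, [])
  raise NotAuthorized, "#{current_user} may not view company #{params[:company_id]}" unless allowed.include?(id)
  COMPANIES.fetch(id)
end
```

With the scoped lookup in place, `?company_id=17` in the URL is harmless: changing the number only selects among records the user was already allowed to see.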