1

I have read articles that give various ways to do "URL masking" so that the browser's URL bar does not show the actual location of the content. Such methods include setting up an .htaccess file, showing content in an iframe, or loading content from another source with javascript.

The problem with all of these methods is that the URL shown in the browser can actually be used to view the content I want to protect, even though it's coming from another location.

I need a way to have the browser display protected content while the URL bar displays a URL that will NOT show that content, because I don't want a person who has been given access to the content to be able to share access to that content by giving the URL away to others.

Is this possible?

David Woolley
  • 63
  • 6

1 Answers1

0

Maybe you could use something like a randomly re-generated URI. Every time the link is consumed through an authorized channel, the route is invalidated on the server, and a new one takes its place.

Note: The safest way to prevent unauthorized access to a URL may be to add authentication (user/pass or otherwise) to your content.

slasky
  • 2,726
  • 4
  • 27
  • 36
  • That's irrelevant to the question. The subject may be wrong because the content isn't protected. Only the URL is protected. There are several reasons why a public content should not reveal its URL. One of them is to deter users from bookmarking the page. This is useful for dynamic contents where the page viewed will not be available at a later time. An example is a news site. – alvits Jun 09 '16 at 23:00
  • Fair enough. I edited my response with a different idea. – slasky Jun 09 '16 at 23:29
  • I am familiar with methods that are typically used to protect content, like password protection through an .htaccess file. Of course, a password is just another piece of information that is easily spread around. We have a WordPress e-commerce site, and Wordpress has its own security mechanisms, but this particular content is an online flipbook that's run by standalone software and cannot be embedded into WordPress. I have a way to send a user to the flipbook only after they pay for it. The remaining problem is they'll see the URL when they get there and can pass it along to anyone. – David Woolley Jun 10 '16 at 22:46