Hi all c.s.misc'ers,
I posted a message a few days ago to comp.lang.java.programmer
but I didn't get any replies so I try here, I hope it's not
too much offtopic...
It's about a technique I would call "URL signing" that is really
easy to implement on any Java Web application server using a
"clean" design (like, amongst other things, having every single
request going through a controller firt, then getting dispatched).
But it should be easy to implement on a lot of other different
This technique works, and it works pretty well. It is currently
in use on a production server. What I would like to know is what
is the name of this technique and where/who described it / used
It is really the first thing I thought of when my client asked
me to protect about the more common Web server vulnerabilities,
I am surprised that I cannot find any informations regarding this
technique on the Net (I googled and groups.googled...).
Below is the message I posted to comp.lang.java.programmer...
To secure the WebApp server of one of my client who was
really concerned about various security issues, I devised
a nice cute little "hack" which I would call "URL signing".
Every single request goes to a front controller servlet
which then dispatch to the correct jsp page (after the
business logic has prepared all the results bean).
Every single link in any of the jsp page transmitted to
the client is generated with a checksum that act as a
signature for the URL, like this (this example is not
precisely how I did it, it's just to show how it works) :
If a user tries to modify a single character in the URL
from his browser, then the front controller servlet will
dispatch to a special page indicating that URL has been
"faked" and fill the logs accordingly.
In a way it is "overkill" when using a Java-only WebApp
server (which is inherently imune to buffer overflow and
I hardly imagine some Java WebApp programmer allowing SQL
injection in the URL :)
But, still, it's a nice additionnal layer of protection.
Of course, for POSTed request it's different : the
checksum still applies (the way I did it), but only on
the parameters that the user can not modify.
The other parameters are then checked for validity too,
using the "normal way".
Then again, the way I designed the WebApp, not a single
of the "sensitive" page (page doing query on sensitive
datas) can be accessed using POST, but only using GETs.
So what this technique bring is : 100% protection for
every single GET request and partial protection for
The partial protection for POST is a really good safety
net : imagine you have an hidden form field with the
value "admin=no" (I wouldn't encourage anyone to show such
an obvious field with such an obvious name/meaning in a URL
though), well... If the URL is signed, the hypothetical
attacker simply cannot change it to "admin=yes"...
I don't advocate on relying on this technique alone to
secure a Web server, but I think it's a nice *additionnal*
layer of protection.
Have you ever heard of a term coined to describe this ? Have
you a ever heard of a Web server (Java or other, Open Source
or commercial, etc.) doing anything similar ? Any links ?
Thanks for comments and excuse my "french",