如何显示网页并保持其位置的秘密？ [英] How to display a web page and keep its location a secret?

问题描述

背景：

我有一个基于PHP（Zend Framework）的应用程序。这是安全的，只有被邀请的用户才能访问其资源。我想保持安全的资源之一是指向私有Google日历的链接。这是一个公共链接，但我想控制谁可以查看它。可能有一段时间，用户帐户将被撤销，我不希望该用户仍然可以访问日历。

所以我想显示此Google日历页面无法让用户知道其真实位置并且无法将其加入书签的能力（以防用户被删除）：

我是我认为我可以生成某种独特的URL并在视图中显示。

 < a href =/ secret / link / 4b21efc1ae7bb>点击此处查看此秘密页面，只有获得授权的用户才可以看到< / a> 
  

由于私有Google日历的实际网址是公开的，而不是我的服务器，要让用户能够知道该网址，也不能将网址加入书签。我不知道这是否会涉及iframe，javascript或其他任何必要的内容，但我需要能够做到这一点。

问题：

如何显示Google日历，同时保持其真实的位置安全？ p>也许最好的办法是让你的服务器从其他服务器实际获取页面，然后把它作为内容传递给浏览器。

这样，外部URL永远不会发送到浏览器，因此它不知道任何关于它的信息。相反，所有的客户端都会看到服务器的URL。这样做可以让你在你的页面上设置你想要的任何安全性。

几乎所有的Web语言（.Net，PHP，Java等）都支持为此服务器端。

更新

由于问题，以下是一种新方法：使用 Google Calendar API。它完全适合您的情况。它可以让您在您的网站中显示Google日历，并通过代码管理访问控制列表。

Background:

I have a PHP based (Zend Framework) application. It is secure, and only users who have been invited are able to access its resources. One of the resources that I want to keep secure is a link to a private Google Calendar. This is a public link, but I want to be in control of who can view it. There may be a time when a user account will be revoked and I don't want that user to still be able to access the calendar.

So I would like to display this Google Calendar page without giving the user the ability to know its real location and without the ability to bookmark it (in case the user has been deleted):

I'm thinking I can generate some sort of unique url and display this in the view.

<a href="/secret/link/4b21efc1ae7bb">Click here to see this secret page that only users who have been given permission are allowed to see</a>

Since the actual url of the Private Google Calendar is public, and not on my server, I don't want the user to be able to know the url, nor be able to bookmark the url. I don't know if this will involve iframes, javascript, or whatever is necessary, but I need to be able to do this some how.

Question:

How can I display the Google Calendar, while keeping it's true location secure?

解决方案

Perhaps the best way is to let your server actually fetch the page from the other server, then deliver it as content to the browser.

In that way, the external URL is never sent to the browser and therefore it doesn't know anything about it. Instead all the client sees is a URL to your server. Doing it this way would allow you to set whatever security you want on your page.

Pretty much every web language (.Net, PHP, java, etc ) all have support for doing this server side.

UPDATE

Due to the changes to the question, here is a new approach: Use the Google Calendar API. It's built for exactly the situation you are in. It will allow you to display the google calendar within your site as well as manage the access control list via code.

这篇关于如何显示网页并保持其位置的秘密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！