Jump to content


Photo

Secure URL alternative using static encrypted URL


  • Please log in to reply
No replies to this topic

#1 Jill

Jill

    Moderator

  • Trumba Community Expert
  • PipPipPip
  • 1,243 posts
  • Location:Seattle, USA

Posted 31 July 2006 - 04:05 PM

Using Secure URLs
If you want to published a calendar for use by a limited group of people, such those who have access to your company's intranet, you can use secure URLs. To create secure URLs, you use the calendar publishing settings and sample code that is provided by Trumba Development. You can learn about this process and download the sample code from the Trumba Help: Use secure URLs to grant limited access to a calendar

This code generates a new encrypted URL for each user session, and it expires one day from the time it was generated (or when the user closes the browser window). The URL allows users inside of your secure environment to view your calendar without entering a password. Each URL works only in the browser in which it was created, only for the time specified. Therefore, no one can copy an URL from your source code and try to use it outside of your secure environment.

Using a less secure encrypted URL
If you want a less-complex option, you can create an URL to your calendar that contains the required parameters (including an expiration date), but does not change until you change the URL manually or the URL expires.

NOTE This option does not expose your calendar password directly, but because the URL stays the same until you change it, anyone who knows the URL can view the calendar inside or outside of your secure environment, as well as share the URL with others, whether intentionally or not.

Create the static, encrypted URL
First, because you still need to encrypt the URL for your calendar, you'll need an online MD5 encryption tool. Two examples that we used are: iWebTools and B-Con, which we found with a basic web search. Both worked fine during our tests. However, Trumba Corp. is not associated with either of these companies, and the owners of these tools could change or remove the tools at any time.

Spud code that you enter in your page to display a calendar that is protected through secure URLs must carry two parameters:
  • expires The expires parameter is a UTC date in yyyyMMddHHmm format. It tells Trumba how long access to the calendar should be granted with this URL. If you want to create a static URL, which you would update manually when it expires (by repeating this procedure), use a date that occurs a few weeks or months into the future.
  • hash The hash parameter is a hexadecimal string that contains the MD5 hash (encryption) of a query string that you build using your calendar name and two other required parameters.
Build the URL
  • Create the query string that you will encrypt. It looks like this:
    calendar=webname&expires=expiration&hash=yoursecurekey
    Where you replace the blue placeholder text with the appropriate values. The expires parameter requires the same date format described in the list above, and you get your secure key from the Publishing Settings page. (More info: Get a secure key for your published calendar)
  • Navigate to the MD5 encryption tool that you're using, enter the query string, and encrypt it.
  • Select the copy the encrypted string and paste it where you can have access to it when you want to put spud code into your page.
Use the hashed string in your spud code
Once you have the MD5 hash of your query string, you provide the hash and your expires value to the $Trumba.addSpud() call. These values must appear in string fields on the url parameter.

Here's an example of a secure request for the KEXP calendar.
$Trumba.addSpud({
  webName: "kexp",
  spudType: "main",
  url : {
	expires: "200702021400",
	hash: "A4C93424343243AE89B3D"
  }
});





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users