16.4.7.5.4 Experiencing URL Checksum Protection

Witness the URL tampering protection for image serving pages using a page item for the image ID.

As shown below, the break room Interactive Grid using the checksum-protected URLs is identical for the end user:

Figure 16-37 End Users Notice No Changes Using Checksum-Protected Image URLs

Description of "Figure 16-37 End Users Notice No Changes Using Checksum-Protected Image URLs"

However, now every image URL ends with the a long cs checksum parameter whose impossible-to-guess value differs for each image URL produced:

⋯/woods-hr/get-breakroom-image?p9005_id=13&session=304⋯573&cs=1kSRFy⋯rUoqRt

A user who copies the URL for image ID 13 and tries to reuse it for a different image ID value receives the following error page. The figure shows the error dialog they see instead of the image they are not permitted to view.

Figure 16-38 Clever Users See Error When Manually Modifying an Image URL

Description of "Figure 16-38 Clever Users See Error When Manually Modifying an Image URL"