Dirty URLs are complex, hard-to-read, difficult to type, are a security risk, and just all around SUCK. Joe Lima & Thomas Powell have written a good article on evolt.org about moving towards Next Generation URLs.
Good stuff all around. Thoughtful stuff. It talks about planning for server redirects for URLs as well as app-wise. Follow these suggestions, and your site will all of the sudden be more usable and improve the experience for both the users and the developers.
There is no reason for Google to have clean URLs, because it's a search engine. There is no way in hell that they could have clean URLs for all the words.
But Microsoft is a good example. It's a large, complex and dense site. I never go to http://www.microsoft.com/ because I know that they've spent the time adding clean URLs. I can go to http://www.microsoft.com/mac and be redirected to their office area, or /word and go to the word site, etc...
Security wise it is an issue, because by passing in the parameters through the URL, you are just giving people an opportunity to try and overflow, SQL inject, etc. Take away the visible parameters, and it's just another step for the 'bad guys' to take to try and exploit your site/app.
I think URLs should be clean for corporate sites. I think URLs should be clean for most application areas. I think that thinking about clean URLs is just another aspect of well-rounded site design.
Comments
Eric
Sorry, but that article is a bunch of crap. URLs don't have to be "clean" unless you WANT someone to type them in, often called a "Vanity URL".
The security risk is moot, if someone knowing your query parameter is a risk, you have much bigger problems than this to deal with.
Just think about the fact that if Google used "clean" URLs, you would have no way to determine what search terms someone used to get to your site.
Posted by: Eric | July 8, 2003 10:51 AM
Tony
There is no reason for Google to have clean URLs, because it's a search engine. There is no way in hell that they could have clean URLs for all the words.
But Microsoft is a good example. It's a large, complex and dense site. I never go to http://www.microsoft.com/ because I know that they've spent the time adding clean URLs. I can go to http://www.microsoft.com/mac and be redirected to their office area, or /word and go to the word site, etc...
Security wise it is an issue, because by passing in the parameters through the URL, you are just giving people an opportunity to try and overflow, SQL inject, etc. Take away the visible parameters, and it's just another step for the 'bad guys' to take to try and exploit your site/app.
I think URLs should be clean for corporate sites. I think URLs should be clean for most application areas. I think that thinking about clean URLs is just another aspect of well-rounded site design.
Posted by: Tony | July 8, 2003 11:06 AM
Fred
Sorry, but clean URLs are crap.
Posted by: Fred | November 11, 2003 07:58 PM
Tony
Fred, I think you're wrong. And without any more reasoning behind your opinion other than "it's crap", that's all I can leave it at.
Do dirty URL's all you want. I think you're making a mistake.
Posted by: Tony | November 12, 2003 01:25 PM