Hi Jason,
I've heard of Get, Post, Put and Delete, but what are Head, Options and
Trave?
Jason Lea wrote:
Hi Shane,
I guess it is so they can have one servlet method per HTTP method
The spec includes doGet(), doPost(), doPut(), doDelete(), doHead(),
doOptions(), doTrave()
HTTP/1.0 has doGet,
, SecurityFilter is running smoothly :-)
-Original Message-
From: Jason Lea [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 6:21 PM
To: Struts Users Mailing List
Subject: Re: Allowing only POST for form submittal
Hi Shane,
I don't think it really matters.
Say you have a hidden
Thought trave couldn't be right. I was just worried whether they would
open up more possibilities for crackers, especially since I've list the
methods in my web.xml so:
LinkLibrary Application
/secure/*
DELETE
GET
POST
PUT
and I just based this on the web
I have worked with Struts at a few different companies now and I noticed
none of them try
to do any checks to see that only POST methods can successfully make it to
Actions
which handle forms submittals. Struts allows GETs and POSTs to make it to
every Action
so it seems like this would b
Adam Hardy wrote:
Hi Jason,
I've heard of Get, Post, Put and Delete, but what are Head, Options and
Trave?
Oops, should be Trace.
as to what they do...
Servlet Spec 2.3, 2.1.2 says:
The doHead method in HttpServlet is a specialized form of the doGet
method that returns only the headers produce
:-)
-Original Message-
From: Jason Lea [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 6:21 PM
To: Struts Users Mailing List
Subject: Re: Allowing only POST for form submittal
Hi Shane,
I don't think it really matters.
Say you have a hidden field containing an id in your
Hi Shane,
I don't think it really matters.
Say you have a hidden field containing an id in your form that is posted
back to an action. A user could copy that page to their hard disk,
modify the field and then submit it. They would still be POSTing so
your action would be happy. You still ne
7 matches
Mail list logo
