Meredith Seitchik wrote:
> I am tring to pop another web browser from my applet and call a servlet that
> requires a post. I use the showDocument() method in AppletContext passing a
> URL with params. I can successfully call servlet as a get but not as a
> post. I need to call it as a post due to security concerns of passing
> username and password parameters from the applet. Does anyone have any
Kevin Jones ([EMAIL PROTECTED]) wrote:
> Try using the HttpUrlConnection class, set the requestMethod to post and add
> the user name and password to the output stream (you'll need to set the
> content-length header as well.
>
> By the way, why does using post fix the problem of passing username and
> password from the applet?
A GET submission is sent as a single line with the arguments appended to the URL
in the following format:
http://some.site.com/servlet/someservlet?username=Joe&password=Secret
The CGI script or servlet then has to parse the URL to get the
arguments. Note that any spaces, odd characters, etc, in the
arguments are url-encoded to keep them from confusing the server.
Since it's a URL, it can be bookmarked. This is poor security.
A POST submission is sent as a URL on one line and the arguments
as a separate line. This cannot be bookmarked. It doesn't solve all
security problems, but it solves some.
Steven J. Owens
[EMAIL PROTECTED]
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
