It was more of a security issue.

Anybody in the world can make a request to Host A with a
"redirectedfrom" in the URL, and forge the request! That's hardly the
solution!!

If Host A is referenced by a direct request and not a click on the page,
the Referer header returns null.

-Sam

Cezar Totth wrote:
>
> Hi,
>
> On Fri, 20 Aug 1999, Srinivasan S (Systems Engineering Group) wrote:
>
> > Sorry for this query: how to add a query parameter with a URL?
> >
> Well, its URL should look like:
>      http://hostBaddress:8008/servlet/ServletName?RedirectedFrom=HostA
>
> add to the usual URL
>      http://hostBaddress:8008/servlet/ServletName
> the "?RedirectedFrom=HostA"; you can pass multiple query parameters
> by concatenating them with the "&" (and) character:
>
>   ?Param1Name=param1Value&Param2Name=param2Value
>                          ^
>
> However you need to read carefully JSDK's docs;
> the values for the parameters should be URL-encoded, before "packing" them
> in a query string.
>
> regards,
> Cezar.
>
> Concept, n.:
>         Any "idea" for which an outside consultant billed you more than
> $25,000.
>
> >
> >   #-----------------------------------------------------------------------#
> >   #                                                                       #
> >   #           "ARISE AWAKE and stop not till the GOAL is reached"         #
> >   #                                                                       #
> >   #                     [EMAIL PROTECTED]                          #
> >   #-----------------------------------------------------------------------#
> >
> > On Fri, 20 Aug 1999, Cezar Totth wrote:
> >
> > > Hi,
> > >
> > > The two hosts, A and B can also establish a convention by adding
> > > a query parameter called "RedirectedFrom" :
> > >
> > > HostA adds a "?RedirectedFrom=HostA" to the URL, HostB does the similar
> > > thing with care on building the redirected URL to preserve existing
> > > query parameters and to add/change only "RedirectedFrom=..."
> > > parameter.
> > >
> > > So both servlets can search for parameter "RedirectedFrom" to see
> > > if current request isn't in fact a redirect, and if it is, who did
> > > the redirect.
> > >
> > > The "Referer" header may be there or not, depending on the browser.
> > >
> > > Cezar.
> > >
> > > On Thu, 19 Aug 1999, Craig R. McClanahan wrote:
> > >
> > > > Byte Code wrote:
> > > >
> > > > > Hi.
> > > > >
> > > > > Here is the scenario.
> > > > >
> > > > > Client sends a browser request to Host A
> > > > >
> > > > > Host A receives the request and redirects to Host B
> > > > > Host B does some work and redirects back to Host A
> > > > >
> > > > > How do we determine now on host A that the request came from Host B???
> > > > >
> > > > > If both the servers do a response.sendRedirect() then a getRemoteHost()
> > > > > and getRemoteAddress() always return the host and IP of the "originator"
> > > > > of the request. AKA the browser.
> > > > >
> > > > > Is there any other way to determine on A that the request actually came
> > > > > from B?
> > > > > (after redir)
> > > > >
> > > >
> > > > The problem is that the request really did come from the client in both
> > > > cases.  That's the way that redirects work:
> > > >
> > > > * Client calls Host A (remote host is Client)
> > > >
> > > > * Host A sends "redirect" back to Client
> > > >
> > > > * Client calls Host B (remote host is still Client)
> > > >
> > > > However, the client browser might include a "Referer" header to host B that
> > > > said this request was "referred by" host A.  Try looking for that (with a
> > > > request.getHeader("Referer") call).
> > > >
> > > >
> > > > > RFC 2109 and RFC 2068 aren't really explicit on this... Any ideas, people?
> > > > >
> > > > > -Sam
> > > > >
> > > >
> > > > Alternatively, you could have Host A make the request itself to Host B (acting
> > > > like a proxy) and return the results, instead of doing a redirect.  You could
> > > > use a URLConnection for this.  Then, Host B would see Host A as the remote
> > > > host in the request, instead of Client.
> > > >
> > > > Craig McClanahan
> > > >
> > > > ___________________________________________________________________________
> > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > > > of the message "signoff SERVLET-INTEREST".
> > > >
> > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > > > Resources: http://java.sun.com/products/servlet/external-resources.html
> > > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> > > >
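The objection at the top of this thread is that a bare "RedirectedFrom" parameter can be supplied by anyone. As an added example (not code from any poster in the thread), here is one way the two hosts could make that parameter unforgeable: sign it, together with a timestamp, using an HMAC key that only Host A and Host B hold. The class name, the `ts` and `sig` parameter names, the 60-second window and the demo key are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper: Host A and Host B share `key` out of band.
public class SignedRedirect {
    private static final long MAX_AGE_MS = 60_000; // assumed freshness window

    static String hmac(byte[] key, String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }

    // Redirecting host: emit RedirectedFrom plus a timestamp and a signature over both.
    static String buildQuery(byte[] key, String from, long nowMs) throws Exception {
        String sig = hmac(key, from + "|" + nowMs);
        return "RedirectedFrom=" + URLEncoder.encode(from, "UTF-8")
                + "&ts=" + nowMs + "&sig=" + sig;
    }

    // Receiving host: arguments are what request.getParameter(...) returned (null if absent).
    static boolean verify(byte[] key, String from, String ts, String sig, long nowMs)
            throws Exception {
        if (from == null || ts == null || sig == null) return false;
        long sent;
        try { sent = Long.parseLong(ts); } catch (NumberFormatException e) { return false; }
        if (Math.abs(nowMs - sent) > MAX_AGE_MS) return false; // outside the window
        byte[] expected = hmac(key, from + "|" + sent).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison of the expected and presented signatures.
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // sample value
        long now = System.currentTimeMillis();
        String query = buildQuery(key, "HostB", now);
        String sig = query.substring(query.indexOf("&sig=") + 5);
        String ts = Long.toString(now);
        System.out.println(query);
        System.out.println("genuine:  " + verify(key, "HostB", ts, sig, now));
        System.out.println("forged:   " + verify(key, "HostB", ts, "AAAA", now));
        System.out.println("tampered: " + verify(key, "HostA", ts, sig, now));
        System.out.println("stale:    " + verify(key, "HostB", ts, sig, now + 120_000));
    }
}
```

The signed query still travels through the browser, so it shows that a key holder minted the redirect, not that the request left Host B's address, and it can be replayed until the window closes. Including a single-use nonce or the user's session identifier in the signed string narrows that window further.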