hi there
as far as i see from your description, the servlet framework won't offer
a direct solution your problem.
after all, you need a way to decide whether a request came from the good
(same server) html or some other, bad html.
the only way to recognize an allowed request would be to encode
additional information in it.
if security is not a major issue,
you could just encode the server's name or ip into the url and you'd be
fine.
if security is wanted, you encounter the following:
how prevent someone from copying the request-url plus its additional
information?
obviously by making the additional information temporary, i'd call this
a "ticket".
this means the good html (i.e. the links it contains) will have to be
generated on-the-fly.
this is similar to session-tracking by url-rewriting. the difference is
you don't track users, but time frames.
a request with a valid ticket is most likely originating from your good
html.
hope this helps
m.
Nikolaos Giannopoulos wrote:
>
> Hi,
>
> I'm sure that this is possible - I'm just not sure the best way to approach this....
>
> How can I limit requests to a servlet such that they only originate from web
> pages on the same server as the servlet?
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
