Ron Reynolds wrote:
> i don't even overload doPost() and doGet() anymore in my servlets - i go
> straight to service(). is that bad if i don't treat posting vs. getting
> differently? i can't imagine why, but in case anyone has a good reason not
> to do it that way i'd be happy to hear it.
This is something to avoid if security is an issue.
First of all GET puts the parameters in the URL. That means they can be
bookmarked, which means potentially sensitive information is being stored in the
bookmark file. Not good.
Second, if you mean for a Servlet to be called with a POST, it should not be
invoked with a GET and vice versa. If a Servlet is invoked with an unexpected
method (like, say, PUT), it could indicate that a cracker is looking for holes
in your system by playing around. It's not a definite alarm, but certainly a
red flag that should be noted in a security log.
-- Charles
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
