Hi,

I have been following this thread and I just want to add some things:

I think that you can't prevent in any way a user who has access to a page
from sending whatever form data he wants.
Somebody could save the HTML locally and
change, e.g., <input type="hidden" user_id="12"> to
<input type="hidden" user_id="15">.
I mean that this sentence is 100% unrealisable:
"I do not want someone to change the URL parameters and
attempt to see someone else's details".

My opinion is that this approach is wrong; I would use a user
authorization method like session or HTTP authentication and keep my
user info in a safe place, not in hidden form fields.

Also, I use hidden fields myself, but manually changing their value will
(in the worst case) have the side effect of an exception being thrown,
but not illegal access or database inconsistency.

P.S. Any comments are welcome.

Andras.





----- Original Message -----
From: "vsr" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 30, 2000 2:56 PM
Subject: Get to Post


> Hi
>
> How can I convert a GET request to POST in the HTML page?
>
> What I mean is that I do not want someone to change the
> URL parameters and attempt to see someone else's details.
>
> Even if the user clicks on the link, it should
> be sent as POST to the Servlet so that the user
> can't see the parameters in the URL.
>
> I have seen this before but couldn't recollect.
>
> Thanks
>
>
> =====
> vsr
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
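
An added example (not code from this thread) of the approach the reply above describes: the servlet takes the user's identity from the server-side session and treats any user_id sent by the client as untrusted, for GET and POST alike. The class name and the session attribute name "authUserId" are assumptions, the login code that sets the attribute is not shown, and the block compiles against the javax.servlet API.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class DetailsServlet extends HttpServlet {
    // Assumed name: the login code (not shown) stores the authenticated
    // user's id in the session under this key after checking credentials.
    static final String AUTH_USER_ID = "authUserId";

    // GET and POST are handled identically: the method gives no protection,
    // because either kind of request can be built by hand.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        showDetails(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        showDetails(req, resp);
    }

    private void showDetails(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(false); // never create one here
        Object owner = (session == null) ? null : session.getAttribute(AUTH_USER_ID);
        if (!(owner instanceof Integer)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Please log in");
            return;
        }
        int userId = (Integer) owner;

        // A user_id from the URL or a hidden field is only compared with the
        // session identity; it is never used to select the record.
        String claimed = req.getParameter("user_id");
        if (claimed != null && !claimed.equals(String.valueOf(userId))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not your record");
            return;
        }

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("Details for user " + userId); // stand-in for the real lookup
    }
}
```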
