check whether the referrer for the page.
request.getHeader("Referer");  // the HTTP request header name is spelled "Referer"

Vikramjit Singh,
Systems Engineer,
GTL Ltd.
Ph. 7612929-3140

-----Original Message-----
From: Vibha Jindal [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 31, 2001 10:01 PM
To: [EMAIL PROTECTED]
Subject: Security Issue - Urgent

Hi,

I am using the Post method to submit my form to a Servlet. I am also using hidden variables to set certain values that I get and interpret in my servlet.

e.g.,

    function undoData()
    {
        document.Form.hdFlagAction.value = "0";
        document.Form.hdAuditId.value = "1234";
        document.Form.method = 'POST';
        document.Form.action = "/NASApp/wisper/AuAuditorsSrv";
        document.Form.submit();
    }

Now, all that is displayed in the URL is,
http://157.227.15.228/NASApp/wisper/AuAuditorsSrv

But, if the user just changes the URL, e.g., makes it
http://157.227.15.228/NASApp/wisper/AuAuditorsSrv?hdAuditId=1007,
he can see the details of the AuditId 1007, though, since this wasn't his audit, he shouldn't have been able to see these details.

Can anyone please help me and let me know, if I can do something in my servlet to ignore all that the user enters in the URL?

Regards,
Vibha

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://archives.java.sun.com/jsp-interest.html
 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.jsp
 http://www.jguru.com/faq/index.jsp
 http://www.jspinsider.com
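An added example, not part of either message in the thread: one way a servlet can handle the situation in the original question is to accept the form only via POST and to check on the server that the requested audit belongs to the logged-in user. The class name, the "userId" session attribute and the in-memory ownership table are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: the class name, the "userId" session attribute and the
// in-memory ownership table are assumptions, not code from the thread.
public class AuditAccessServlet extends HttpServlet {

    // Constructed sample data: which audit ids each user may see.
    // A real application would query its own database here.
    private static final Map<String, Set<String>> AUDITS_BY_USER = Map.of(
            "alice", Set.of("1234"),
            "bob", Set.of("1007"));

    // Pure decision function, kept separate so it can be unit tested.
    static boolean mayView(String userId, String auditId) {
        if (userId == null || auditId == null || !auditId.matches("\\d{1,10}")) {
            return false;
        }
        return AUDITS_BY_USER.getOrDefault(userId, Set.of()).contains(auditId);
    }

    // doGet is deliberately not overridden: HttpServlet then rejects GET
    // requests itself, so a URL typed into the address bar is refused.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(false);
        String userId = session == null ? null : (String) session.getAttribute("userId");
        if (userId == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // getParameter() merges query-string and body values, and hidden
        // fields and the Referer header are browser-supplied, so the id is
        // treated as untrusted and checked against the session's user.
        String auditId = request.getParameter("hdAuditId");
        if (!mayView(userId, auditId)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.setContentType("text/plain");
        response.getWriter().println("Audit " + auditId + " for " + userId);
    }
}
```

With this check in place, a request carrying hdAuditId=1007 from a session whose user does not own audit 1007 receives 403 regardless of whether the value arrived in the URL or in the hidden field.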
