On the other hand, a user can receive any POST values also I think. Only the
Sessions are non-receivable...
You cannot protect against everything... and you should not store valuable
data in the website, only keys to receive it from the server. That way a
user from outside cannot snap up anything he/she doesn't have the right to
know...

/ Jan

-----Original Message-----
From: A mailing list about Java Server Pages specification and reference
[mailto:[EMAIL PROTECTED]]On Behalf Of Vibha Jindal
Sent: 19 December 2001 10:35
To: [EMAIL PROTECTED]
Subject: Re: Forwarding a request to a cgi script on a different machine


Hi,

 I had thought of this, but was apprehensive that the user might use the
browser back and would be able to see the values in the hidden flags...
What do you think?

 Regards,
Vibha
> ----- Original Message -----
> From: A mailing list about Java Server Pages specification and reference
> <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, December 19, 2001 12:41 PM
> Subject: Re: Forwarding a request to a cgi script on a different machine
>
>
> >
> >
> > I have a small trick to do it
> >
> > -       your 1.jsp saves that parameter in session, ex: name it with
> > (String)param
> > -       redirect to 2.jsp
> > -       2.jsp reads param from session
> > -       2.jsp contains html and a form inside
> >         <form action= method=post>  ..<input type=hidden value=<%=param%>
> > </form>
> > -       combine with javascript when the body onLoad document.form.submit
> >
> > it is more secure than a redirect and showing the parameter in its address
> >
> > -dwi, unocal76
> >
> >

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://archives.java.sun.com/jsp-interest.html
 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.jsp
 http://www.jguru.com/faq/index.jsp
 http://www.jspinsider.com
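
The advice at the top of this message (keep only a key in the page and the real value on the server), sketched as an added example that is not code from the thread. The class name `HandleStore`, the 60-second lifetime and the sample values are assumptions; it also assumes the receiving side can query this store, and it needs Java 16 or later for records.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical server-side store: the page carries an opaque handle, never the value. */
public class HandleStore {
    private static final long TTL_MILLIS = 60_000;   // assumed lifetime of a handle
    private static final SecureRandom RNG = new SecureRandom();

    private record Entry(String owner, String value, long expiresAt) {}
    private final Map<String, Entry> entries = new ConcurrentHashMap<>();

    /** Store a value for one session and return the handle to put in the hidden field. */
    public String put(String sessionId, String value) {
        byte[] raw = new byte[16];                   // 128 random bits, not guessable
        RNG.nextBytes(raw);
        String handle = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        entries.put(handle, new Entry(sessionId, value,
                System.currentTimeMillis() + TTL_MILLIS));
        return handle;
    }

    /** Resolve a handle once; null if unknown, foreign, already used or expired. */
    public String redeem(String sessionId, String handle) {
        Entry e = entries.get(handle);
        // Check ownership before consuming, so another session cannot burn the handle.
        if (e == null || !e.owner().equals(sessionId)) return null;
        // Atomic single use: a replay (e.g. after the browser back button) finds nothing.
        if (!entries.remove(handle, e)) return null;
        return System.currentTimeMillis() > e.expiresAt() ? null : e.value();
    }

    public static void main(String[] args) {
        HandleStore store = new HandleStore();
        // Constructed sample values, for illustration only.
        String handle = store.put("session-A", "account=12345");
        // What the browser sees: a random token that reveals nothing about the value.
        System.out.println("<input type=\"hidden\" name=\"h\" value=\"" + handle + "\">");
        System.out.println("other session: " + store.redeem("session-B", handle));
        System.out.println("owner:         " + store.redeem("session-A", handle));
        System.out.println("replay:        " + store.redeem("session-A", handle));
    }
}
```

Viewing the page source or going back in the browser exposes only the handle, which is useless outside the owning session and after its first use.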
