When you say "safe" you mean:
1. safe from the client that uses the pages, in order not to adjust his rights, for
example? or
2. safe from the people that might try to steal confidential data from the users of
your site?
1. In the first case the session is the safest way (because the data is managed on the
server, no client can directly "touch" it).
2. Use SSL. It's unsafe even if you make your own socket connections. "They" :) still
might get it.
Anyway, using the session you can choose to delete the data at any time (simply
invalidating the session).
The session's purpose is the use in pages like you described.
Paul
11.03.2002 18:29:39, Nancy Crisostomo Martinez <[EMAIL PROTECTED]> wrote:
>Thank you very much for your answers!
>
>But Gary : ,
> Do you mean the URL parameters is the only way to pass parameters from a jsp
>(script code) to another jsp?
> This is because I need to pass the password and username as parameters... Is this
>safe?
> I really want to find the safest way to pass them......
>
>
>And Peter : ,
> I said I don't want to use the session object because I don't know if it is
>safe..... Do I have to use it?, is it safe?
>
>
>
>Thank you again!
>
>
>
>
>Gary Noone wrote:
>
>> Nancy--
>>
>> Rough code:
>>
>> In Valida.jsp)
>> <script>
>> openWindow("Portal.jsp?" + paramA + "=" + valueA);
>> </script>
>>
>> In Portal.jsp:
>>
>> <% String value = request.getParameter("paramA"); %>
>>
>> <script>
>> leftframe.location.href = "windowContent.jsp?param=<%= value %>
>> </script>
>>
>> Apologies for small mistakes in the code -- but you should get the general
>> idea. Drop me a line if this does not help.
>>
>> Gary
>>
>> -----Original Message-----
>> From: A mailing list about Java Server Pages specification and reference
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Nancy Cris�stomo
>> Sent: 11 March 2002 15:30
>> To: [EMAIL PROTECTED]
>> Subject: Jsp Parameters [Urgent!]
>>
>> Hi everybody!
>> Please I need help,...
>>
>> This is not a Tomcat question, but I know here I can find some JSP
>> experts:
>>
>> Could you tell me all the ways I could send (safe) parameters from a jsp
>> to a jsp file? Please discard the url parameters and the Session object...
>>
>> I have a jsp (Valida.jsp) which opens a new navigator window (javascript),
>> and that new navigator window contents another jsp
>> (Portal.jsp). I need to send some parameters from Valida.jsp to
>> Portal.jsp. In fact the second Jsp is formed by frames and one of the
>> frames has a jsp (Left.jsp) that needs those parameters...
>>
>> Could you please help me? Give some hints or examples... I really need
>> your help.. Or if you couldn't, please tell me where I can find that
>> information....
>>
>> Thank you very much..
>> Nancy.
>>
>> ===========================================================================
>> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
>> JSP-INTEREST".
>> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
>> DIGEST".
>> Some relevant FAQs on JSP/Servlets can be found at:
>>
>> http://archives.java.sun.com/jsp-interest.html
>> http://java.sun.com/products/jsp/faq.html
>> http://www.esperanto.org.nz/jsp/jspfaq.jsp
>> http://www.jguru.com/faq/index.jsp
>> http://www.jspinsider.com
>>
>> ===========================================================================
>> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
>> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
>> Some relevant FAQs on JSP/Servlets can be found at:
>>
>> http://archives.java.sun.com/jsp-interest.html
>> http://java.sun.com/products/jsp/faq.html
>> http://www.esperanto.org.nz/jsp/jspfaq.jsp
>> http://www.jguru.com/faq/index.jsp
>> http://www.jspinsider.com
>
>===========================================================================
>To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
>For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
>Some relevant FAQs on JSP/Servlets can be found at:
>
> http://archives.java.sun.com/jsp-interest.html
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.jsp
> http://www.jguru.com/faq/index.jsp
> http://www.jspinsider.com
>
>
----------------------------------------
Paul Balanoiu
Bucharest, Romania
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://archives.java.sun.com/jsp-interest.html
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.jsp
http://www.jguru.com/faq/index.jsp
http://www.jspinsider.com
