URL changed by user - how to restrict?

2003-07-15 Thread sriram
Hi, I am developing a web application in which some parameters are passed through query string. I do not want to allow users to manipulate the query string. If they manipulate, they should be logged off and taken to the login page. For example, I have a page

RE: URL changed by user - how to restrict?

2003-07-15 Thread Amit Kirdatt
Sriram,

I would suggest you put sensitive information like that in a user's session and not in the query string.

thanks,
Amit

-Original Message-
From: sriram [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 9:10 AM
To: 'Struts Users Mailing List'
Subject: URL changed by user - how

RE: URL changed by user - how to restrict?

2003-07-15 Thread Gandle, Panchasheel
To: 'Struts Users Mailing List' Subject: URL changed by user - how to restrict? Hi, I am developing a web application in which some parameters are passed through query string. I do not want to allow users to manipulate the query string. If they manipulate, they should be logged off and taken

RE: URL changed by user - how to restrict?

2003-07-15 Thread Paananen, Tero
For example, I have a page http://mymachine:8080/appln/test.jsp?user=1004 In this page, user details are displayed. If a user changes the query string - from user=1004 to user=1005 - and clicks ENTER, then the details of 1005 are being displayed. I want to avoid this. In such cases, user

Re: URL changed by user - how to restrict?

2003-07-15 Thread James Mitchell
PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 10:09 AM Subject: URL changed by user - how to restrict? Hi, I am developing a web application in which some parameters are passed through query string. I do not want to allow users to manipulate the query

Re: URL changed by user - how to restrict?

2003-07-15 Thread Dichotomy
I agree with what the others said. You can never, and should never, trust anything that the user can change. And you should certainly not be storing the logged-in user's ID in the query string. I think you may need to read a bit about basic HTTP security. A framework like Struts requires you to