Re: REFERER from an applet to servlet

Thu, 1 Apr 1999 19:24:08 -0500 

really the issue is a matter of verification and security. before i 'set' a
request property referer, how can the applet verify to the servlet that it's
document base is where it says it is, ie. if the <base> tag is set in the
html then the applet can basically be spoofed into 'thinking' it is being
delivered from any address such as www.yahoo.com does anyone know a way
around this security flaw?
>
>>Use URLConnection.setRequestProperty().
>>
>>Aaron
>>
>>> -----Original Message-----
>>> From: Adam Neilson [mailto:[EMAIL PROTECTED]]
>>> Sent: Thursday, April 01, 1999 12:55 AM
>>> To: [EMAIL PROTECTED]
>>> Subject: REFERER from an applet to servlet
>>>
>>>
>>> hi all,
>>> does anyone know a trick to send a REFERER header value to a
>>> servlet from an
>>> applet using jason's HttpMessage class. i need to get the REFERER to
>>> uniquely identify the applet.
>>>
>>> i realise it will be something along the lines of:
>>> "/MyServlet?"+java.net.URLEncoder.encode("HTTP_REFERER")+"=" +
>>> java.net.URLEncoder.encode(refererVal)
>>>
>>> but how do i get refererVal?
>>>
>>> all suggestions welcome..
>>>
>>> cheers
>>> adam
>>>
>>> ______________________________________________________________
>>> _____________
>>> To unsubscribe, send email to [EMAIL PROTECTED] and
>>> include in the body
>>> of the message "signoff SERVLET-INTEREST".
>>>
>>> Archives: http://archives.java.sun.com/archives/servlet-interest.html
>>> Resources:
>>> http://java.sun.com/products/servlet/external-resources.html
>>> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>>>
>>
>>__________________________________________________________________________
_
>>To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
>>of the message "signoff SERVLET-INTEREST".
>>
>>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>>Resources: http://java.sun.com/products/servlet/external-resources.html
>>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to