Hi,

If you want to prevent users from looking at hidden params within the HTML
source, just keep them in HttpSession (don't write them in responses).

If you don't want sniffers to look at HTTP between servlets and browsers,
just use SSL.

Cezar.

On Fri, 9 Apr 1999, Sam Rose wrote:

> So what would be the best option to stop people from doing this?
> i.e. is there a better way instead of passing hidden parameters?
>
> -----Original Message-----
> From:   Balogh Andras [mailto:[EMAIL PROTECTED]]
> Sent:   Friday, April 09, 1999 11:15 AM
> To:     [EMAIL PROTECTED]
> Subject:        Re: How do I hide the parameters?
>
> >I'm sending hidden parameters to and from servlets, but on the URL
> >the parameters are being displayed.
> >
> >I'm sure that this must be some kind of security risk, if so how can I
> >hide them, within the URL?
> >
>
>
> You can use the POST method, but it is still not SECURE.
> Somebody, if interested, can look in the source and
> look at the hidden fields' values.
>
> Best wishes,
>                     Andras.
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>


Cezar Totth                             email:  [EMAIL PROTECTED]
                                        Fax:    (401) 220 33 95
Genesys Software Romania                Phone:  (401) 638 49 44
Stefan Furtuna 169, sect.6
cod 77171, Bucharest
Romania
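
The HttpSession approach from the reply above, sketched as a servlet. This is an added example, not code from the thread; the class name, the "qty" parameter, the "order.unitPriceCents" attribute and the sample price are assumptions, and it uses the javax.servlet API.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: all names and the sample price are assumptions.
public class OrderServlet extends HttpServlet {
    private static final String PRICE_ATTR = "order.unitPriceCents";

    // Step 1: render the form. The price stays on the server in the session;
    // the page carries only the field the user is allowed to choose.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(true);
        session.setAttribute(PRICE_ATTR, Integer.valueOf(1999)); // constructed value
        resp.setContentType("text/html;charset=UTF-8");
        resp.getWriter().println("<form method=\"post\">Quantity: "
                + "<input type=\"text\" name=\"qty\"><input type=\"submit\"></form>");
    }

    // Step 2: process the form. The price is read back from the session, so
    // editing the page source or the request body cannot change it.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        if (!req.isSecure()) { // not SSL: the submission is readable in transit
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        HttpSession session = req.getSession(false); // do not create a new one
        Object price = (session == null) ? null : session.getAttribute(PRICE_ATTR);
        int qty;
        try {
            qty = Integer.parseInt(req.getParameter("qty"));
        } catch (NumberFormatException e) { // also covers a missing parameter
            qty = 0;
        }
        // The one client-supplied value is still validated on the server.
        if (!(price instanceof Integer) || qty < 1 || qty > 100) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid order");
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Total (cents): " + (long) qty * (Integer) price);
    }
}
```

The session id itself still travels with every request, so the form page should be served over SSL as well, not only the submission.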
