Re: HTML FILE Security

Fri, 16 Feb 2001 01:43:22 -0800 

Hi,

I don't want to be rude, but this design is bad.
You see you are sending from your servlet a html page, in wich you specify
a refresh url after 2 secs.
As far as i know this refresh is like the user entered in his borwser the
url.
You can't know from the server side that this url was a result of a refresh
meta tag
or a direct acces to the url.
Why not just send from the servlet the ValidAuthor.htm file content like

LineNumberReader lnr=new LNR(new FileReader("path./to/theValidAuthor.htm"))
while((line=lnr.readLine())!=null) out.println(line).

Or better you can use a template system or jsp (but in my opinion jsps ar
just servlets)
And you should use HttpSession too to let the user go further than the first
page.

BW,

Andras.

----- Original Message -----
From: kal inuganti
To: [EMAIL PROTECTED]
Sent: Friday, February 16, 2001 10:25 AM
Subject: HTML FILE Security


Hi All

I have a small security problem and I would like to know how I can fix it.
My servlet sends a request to an HTML file if the request is valid. The code
snippet is as  follows:

if((user.equals("administrator")) && (passwd.equals("author"))){

out.println("<HTML>");
   out.print("<head>" + "<meta http-equiv=\"refresh\" content=\"2; url=" +
   "http://24.181.167.18:8080/ValidAuthor.htm;\">" + "</head>");
   out.println("<BODY>");
   out.println("<BR>" + "<BR>" + "<BR>");
   out.println("<BR>" + "<BR>" + "<BR>");
   out.println("<BR>" + "<BR>" + "<BR>");
   out.println("<BR>" + "<BR>" + "<BR>");
   out.println("<p align=center>"+"<img
src=http://24.181.167.18:8080/welcome.gif>" + "</p>");
   out.println("</BODY>");
   out.println("</HTML>");
}

I would like to protect the ValidAuthor.htm file from direct access and the
only way it can be accessed is through this servlet. Can someone help me
with this problem.

Thanks,
Kalyan

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to