Where do your parameters come from? If they are sent to the client by the
server and the client has nothing to do with them, you can put them in a
cookie. But what will they be useful for? (Anyway, a cookie is very easily
hackable.)

Most generally, parameters are used to collect data from the user and pass
it to the server. If the data comes from the user, there is no way to hide
it from this user.

Using a form will not hide anything. Obviously, the parameter values will not
be hidden. The parameter names won't be either, because the user just has to
look at the code. This has to do only with the kind of client you are using.
If you want your parameters to be a little less visible, use a different kind
of client, such as an applet.

If your problem is not hacking, but wrong use of the URL (such as storing
dynamically constructed URLs on the client), using forms with POST will be
enough.

Pierre-Yves
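The approach the reply describes, as an added example that is not code from the thread or from either poster: a hypothetical servlet that takes the mode from a POSTed form once, checks it against a fixed allow-list, stores it in the HttpSession, and serves every later GET from that session state so the bare servlet URL carries no parameters. The servlet name, the attribute name "mode" and the two allowed values are assumptions for illustration.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (not from the mailing-list thread). Hypothetical servlet that
// keeps "mode" out of the URL: the client posts it once, the server validates
// it against a fixed list, and every later request reads it from the session.
public class ModeServlet extends HttpServlet {

    // Allow-list of modes the server accepts; anything else is rejected.
    private static final List ALLOWED_MODES = Arrays.asList(new String[] {"view", "edit"});
    private static final String MODE_ATTR = "mode";

    // Pure validation step, kept separate so it can be unit tested: returns the
    // accepted mode, or null if the value is absent, duplicated or unknown.
    static String selectMode(String[] submitted) {
        if (submitted == null || submitted.length != 1) {
            return null; // "?mode=a&mode=b" style duplicates are refused outright
        }
        return ALLOWED_MODES.contains(submitted[0]) ? submitted[0] : null;
    }

    // The form POSTs here. The value is still visible to the user who typed it
    // (it is their own input), but it never appears in a URL or a browser history.
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String mode = selectMode(req.getParameterValues(MODE_ATTR));
        if (mode == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid mode");
            return;
        }
        HttpSession session = req.getSession(true);
        session.setAttribute(MODE_ATTR, mode);
        // Redirect to the bare URL; the address bar shows no parameters at all.
        resp.sendRedirect(req.getContextPath() + req.getServletPath());
    }

    // Later GETs carry only the session cookie; the mode comes from server state.
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false);
        String mode = (session == null) ? null : (String) session.getAttribute(MODE_ATTR);
        if (mode == null) {
            // No mode chosen yet: serve the POST form instead of a default URL parameter.
            resp.setContentType("text/html");
            resp.getWriter().print(
                "<form method=\"post\" action=\"" + req.getServletPath() + "\">"
              + "<select name=\"mode\"><option>view</option><option>edit</option></select>"
              + "<input type=\"submit\" value=\"Go\"></form>");
            return;
        }
        // Safe to echo: the value can only be one of the allow-listed constants.
        resp.setContentType("text/plain");
        resp.getWriter().print("Current mode: " + mode);
    }
}
```

Note what this does and does not buy you. POST keeps the parameter out of the URL, so it is not stored in bookmarks, referrers or proxy logs, but anyone with a proxy or a view of the page source can still see and resend it; the allow-list check in `selectMode` and the server-side session are what actually protect the servlet, and they would be needed with GET parameters just the same.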


-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet
API Technology. [mailto:[EMAIL PROTECTED]] On behalf of
Stuart Hemmings
Sent: Thursday 21 June 2001 16:23
To: [EMAIL PROTECTED]
Subject: URI Hiding


Does anybody have practical experience, code examples or articles on how to
best avoid putting parameters within the URI of a servlet?

HTTP forms are one solution but ideally it would be nice to hide this type
of implementation avoiding malicious URL/URI calls. Session Management
techniques could be used in conjunction with any suggestions.

Don't want!     <servletName>?mode=I'mhackable&mode=soamI

Want!         <servletName>

     Stuart Hemmings
     Imagine Broadband Limited

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
