Gareth a écrit :
Thanks Marcus.
I considered that solution, but the main issue is that I'm trying to make an (I
think) insecure mechanism of taking a payment more secure by removing the
ability for a malicious user to manually change the form variables clientside
before it gets submitted to the payment server.
Hi,
my 2 cents is that if you do not get any crypto signature mechanism
between you and the bank, you could not let the client send information
directly to the bank. Usually the bank provide a API to install on the
server which you use to send information after you have checked client
submition.
regards,
cyrille.
----- Original Message ----
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: users@tapestry.apache.org
Sent: Thursday, 30 November, 2006 10:21:39 AM
Subject: RE: Redirect to an external site on the serverside
Hi Gareth
in similar situations, I've used a custom form component. You can pretty
well just start using @Any for this. Then the client request goes
directly to the target site. Dowside is, if you calculate some of the
form fields on the server side, you might need some javascript stuff to
auto-submit the form ...
hth, Marcus
-----Original Message-----
From: Gareth [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 30, 2006 10:35 AM
To: Tapestry users
Subject: Redirect to an external site on the serverside
Hi,
I've been trying to force a redirect to happen by throwing a
RedirectException, and even injecting
"tapestry.globals.HttpServletRequest" and forwarding it, but
I can't find any way of forcing the redirect to contain the
POST information from my page that was submitted.
Is there any way?
Essentially, I don't want to pass parameters to the external
site over the URL because this would allow the user to
manually change them.
I've begun to wonder if the easiest way is to build my own
request from scratch and sending it as if my server-side code
were a browser, then somehow pass the response through to the
client - essentially acting as a proxy I suppose, but only
for the initial page retrieval... after that, my idea was the
client's browser would talk direct to the external website,
which incidentally is running in SSL (https) mode. Is any of
this possible, and assuming it is, how would I go about doing it?
Any Ideas?
Many thanks.
Gareth
Send instant messages to your online friends
http://uk.messenger.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
