Please see inline for my answers, Andre.
Kiran,
Why does that "id=17" visible in the URL bother you ?
Is it because of some security aspect ? (that the user could change
it, and get something else than what they should be getting ?)
Thanks for reminding me of this aspect. I was not checking for an empty
result set in my code. Fixed that one now. :)
1) If that is the case, then the basic logic of your application is
flawed. If this is information that really needs to be sent by the
browser to the server, then the browser must have that information.
And if that information originally comes from the server and is sent
to the browser, then there is /nothing/ that you can do to block some
user from playing around with it, before sending it back to the server.
If you do not want the user to be able to play around with some
information, then don't send it to him in the first place.
OK, let me share the way I wrote this piece:
href="<%=request.getContextPath()%>/getmyservice.do?id=${myid}">
This is basically the link where I append the id (the id comes from the
DB) and send it to the servlet, which then pulls the records from the DB
for the corresponding id and sends them back to the JSP for display. But
I am not able to figure out why I am not getting the URL of the JSP,
something like
http://localhost:8080/ourstory/myiddata.jsp
So I thought I would try to rewrite the URL, if that is possible.
2) if the browser /must/ send some information to the server as part
of the URL, then there is /nothing/ that can be done on the server
side, to stop the browser showing this information in the URL bar.
To illustrate this :
- imagine that the server sends a page to the browser, and this page
contains a link like :
<a href="http://localhost:8080/mysite/getmyservice.do?id=my-very-secret-information">click here</a>
Then the user, just by moving his mouse above "click here", sees the
content of that link at the bottom of his screen, in the status bar,
right ?
And the user can right-click on "click here", and choose "copy link
location".
And then the user can open another browser window, and paste this URL
in the URL bar.
And then the user can modify this link before hitting the return
button, so that the link now looks like
http://localhost:8080/mysite/getmyservice.do?id=some-other-information
right ?
And all this happens in the browser, /before/ the server even sees
this browser request.
So what could the server do ?
This is interesting information. How about sending the info as POST
rather than GET? Not sure if I can convert the clicking of the link from
GET to POST, but I will try. But again, the place where I am generating
the links is not within a form; they are just hyperlinks with the id
appended to them.
Now I know both GET and POST can be broken if one wants to; that is
altogether a different case, but for now I need a tidy and clean URL with
no id appended to it.
Does my requirement make sense?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
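
Added example (not part of the original thread and not the poster's code): since the id in the link can be edited before the request is sent, the lookup behind getmyservice.do has to treat it as untrusted input, scope the query to the user held in the server-side session, and handle the empty result set. The class name, the in-memory map standing in for the DB table, the SQL in the comment and the users "alice" and "bob" are all constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class OwnedRecordLookup {
    // Constructed sample data standing in for the DB table: id -> {owner, content}
    static final Map<Long, String[]> ROWS = new HashMap<>();
    static {
        ROWS.put(17L, new String[] {"alice", "alice's record"});
        ROWS.put(18L, new String[] {"bob", "bob's record"});
    }

    /** Stands in for (assumed schema): SELECT content FROM records WHERE id = ? AND owner = ? */
    static Optional<String> findOwned(String sessionUser, String rawId) {
        final long id;
        try {
            // The id is client input: it may be missing, edited, or not a number.
            id = Long.parseLong(rawId);
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
        String[] row = ROWS.get(id);
        // The owner comes from the server-side session, never from the request.
        if (row == null || !row[0].equals(sessionUser)) {
            // Same answer for "no such id" and "not yours", so ids cannot be probed.
            return Optional.empty();
        }
        return Optional.of(row[1]);
    }

    /** Status the servlet would send: 200 with the record, otherwise 404. */
    static int statusFor(String sessionUser, String rawId) {
        return findOwned(sessionUser, rawId).isPresent() ? 200 : 404;
    }

    public static void main(String[] args) {
        System.out.println(statusFor("alice", "17"));   // own record
        System.out.println(statusFor("alice", "18"));   // id edited in the URL bar
        System.out.println(statusFor("alice", "999"));  // empty result set
        System.out.println(statusFor("alice", "abc"));  // not a number
        System.out.println(statusFor("alice", null));   // parameter missing
    }
}
```

The same check applies unchanged if the id arrives in a POST body instead of the query string.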