If you only need to protect the values against outside observation, https will encrypt the GET parameters. If you need to prevent the user from fiddling with the values passed, then you need to encrypt those values before passing them off to the client. The receiver must be able to decrypt them, naturally. You should only need POST if your parameters will exceed ~2000 chars. POST will not protect the values from user manipulation.
On Jun 30, 2015, at 4:40 AM, Butchi Reddy Velagala <[email protected]> wrote: > Hi Wick, > > I need to pass some values(confidential values) to that URL. Please let me > know how to do that. > > > Thanks, > Butchi Reddy. > > > On Tue, Jun 30, 2015 at 3:48 PM, Christoph Wick <[email protected]> wrote: > POST doesn't solve a "security" problem. It maybe obfuscates the parameters > for a layman but it doesn't encrypt them. Anyway ... > > WORedirect uses HTTP status code 302 which makes the browser using GET. What > you need is HTTP status code 307. > > So, write your own subclass of WOCompnentent with a setter method for the URL > to redirect: > > public class MyRedirectComponent extends ERXComponent { > private String url; > public MyRedirectComponent(WOContext context) { > super(context); > } > public void appendToResponse(WOResponse aResponse, WOContext > aContext) { > aResponse.setHeader(this.url, "location"); > aResponse.setStatus(307); > } > public void setUrl(String url) { > this.url = url; > } > } > > The method that submits your form should look like this: > > public WOActionResults submitAction() { > MyRedirectComponent nextPage = (MyRedirectComponent) > > pageWithName(your.app.components.MyRedirectComponent.class); > nextPage.setUrl("http://YOUR_REDIRECT_URL";); > return nextPage; > } > > See > http://programmers.stackexchange.com/questions/99894/why-doesnt-http-have-post-redirect > > C.U.CW > -- > What are the three enemies of a programmer? Sunlight, oxygen, and the > appalling roar of the birds. > > > On 30.06.2015, at 09:52, Butchi Reddy Velagala <[email protected]> > > wrote: > > > > Hi All, > > > > We have to pass some confidential information to the URL which configured > > in WORedirect. But WORedirect is accepting only query parameters (appended > > to the URL). So It is the security problem. > > > > So please let us know if there is any way to redirect to the URL with POST > > parameters or headers to hide them. > > > > > > Thanks in Advance, > > Butchi Reddy Velagala. > > > > _______________________________________________ > > Do not post admin requests to the list. They will be ignored. > > Webobjects-dev mailing list ([email protected]) > > Help/Unsubscribe/Update your Subscription: > > https://lists.apple.com/mailman/options/webobjects-dev/cw%40i4innovation.de > > > > This email sent to [email protected] > > > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list ([email protected]) > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/webobjects-dev/rgurley%40smarthealth.com > > This email sent to [email protected]
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
