
How to be sure the parameter comes from the form in a servlet?

 
ahmet oguz
Greenhorn
Posts: 18
Hi,
In my servlet I take the parameters from the request page with the GET method. But I want to know that this parameter comes from the request page, not from manually writing the URL and passing the parameter and value. How can I control this problem in the servlet GET method? I want to be sure that the customer fills in the form and submits it, not manually writes the URL and passes the parameter and value. I am not sure, but I remember that PHP has a control for this.
 
poorna prakash parvathala
Greenhorn
Posts: 20
You can implement the 'Synchronizer Token' pattern,
with a hidden token in the rewritten URL (based on which the token gets validated).

For more info visit the following link:
http://www.javaworld.com/javaworld/javatips/jw-javatip136.html
 
Amol Nayak
Ranch Hand
Posts: 218
There is no support for this in the API. What I can think of is that you can get the path info as:



Then you have to search this string for the presence of the parameter.
If it is there, then this parameter has come as part of the URL string (GET).

This will happen even if you submit from a form without method="post".
 
Ben Souther
Sheriff
Posts: 13411
As Amol has said, there is no 100% sure way to guarantee this.

Poorna prakash parvathala's suggestion of using tokens will help.
You can also check the 'referer' request header but, again, none of these techniques will give you a 100% guarantee.

You should always treat information coming from the web as suspect and validate it heavily on the server.
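
A minimal version of the Synchronizer Token pattern suggested in the thread, added here as an example and not code from any poster or from the linked article. It assumes a `javax.servlet` container; the servlet class, the `formToken` parameter name and the `name` field are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: the class name, "formToken" and "name" are assumptions for this example.
public class OrderFormServlet extends HttpServlet {
    private static final String TOKEN = "formToken";
    private static final SecureRandom RNG = new SecureRandom();

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession();
        String submitted = req.getParameter(TOKEN);
        if (submitted == null) { // no token yet: serve the form with a fresh one
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.setAttribute(TOKEN, token);
            resp.setContentType("text/html;charset=UTF-8");
            resp.getWriter().println("<form method=\"get\">"
                + "<input type=\"hidden\" name=\"" + TOKEN + "\" value=\"" + token + "\">"
                + "<input name=\"name\"><input type=\"submit\"></form>");
            return;
        }
        // Remove the stored token before comparing so each token is accepted only once.
        String expected = (String) session.getAttribute(TOKEN);
        session.removeAttribute(TOKEN);
        boolean ok = expected != null && MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), submitted.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing or stale form token");
            return;
        }
        // A valid token only shows the form was served to this session; the value stays untrusted.
        String name = req.getParameter("name");
        if (name == null || !name.matches("[\\p{L} ]{1,50}")) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid name");
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Accepted: " + name);
    }
}
```

A request typed by hand without first loading the form has no matching token in the session and receives a 403; a client that loads the form and copies the token can still submit by hand, which is why the parameter is validated regardless.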
 