Win a copy of Hands On Software Engineering with Python this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Bear Bibeault
  • Knute Snortum
  • Liutauras Vilda
Sheriffs:
  • Tim Cooke
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Tim Moores
  • Frits Walraven
  • Ron McLeod
  • Ganesh Patekar
  • salvin francis
Bartenders:
  • Tim Holloway
  • Carey Brown
  • Stephan van Hulst

How to read POST parameters?  RSS feed

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I have a business scenario here...

1. User logs into SAP Portal with defined userid/password
2. Portal has a hyperlink, that when clicked navigates the user to our application (some xyz say) in a new window. Internally Portal sends
a GET request, appending the userid given in step 1 onto URL, to our application deployed on WebSphere Process Server. URL shown
on the new browser window is in encrypted form but when user opens up a blank window and types the starting characters of the
actual URL of our application it is shown along with the userid parameter appended to URL. If this is the case then users can change
the userid value and can misuse the application. Please provide any suggestions to overcome this misuse..

Note: We have tried a POST request from SAP Portal but we are unable to read the userid parameter

Thank you in advance,
 
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Rama,

I am not sure how SAP portal works but if you have the userid/pwd in request, this should work.
If you don't have the current request handy, add this in your code and check if it works.

 
Do not set lab on fire. Or this tiny ad:
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database
https://coderanch.com/t/704633/RavenDB-Open-Source-NoSQL-Database
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!