Win a copy of Succeeding with AI this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
  • Junilu Lacar
Sheriffs:
  • Tim Cooke
  • Jeanne Boyarsky
  • Knute Snortum
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • salvin francis
  • fred rosenberger
  • Frits Walraven

How to pass a Post parameter using a link?

 
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

I have JSP page from which i am passing a value to another when the user clicks on the link.

.

Now this parameter is passed to another page as a HTTP GET parameter. How can i Send it as a POST Parameter?

I cant use the form and submit.

is there any other way to do it. Can we do it using ajax?

 
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
set this parameter in the request object & you will get the same in that JSP using request Object.
 
Rancher
Posts: 43015
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Where do you see the difference between a GET parameter and a POST parameter? Why can't you append the parameter to the URL?
 
Sheriff
Posts: 67389
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Cannot be done. You either need to use a form or Ajax to initiate a post.
 
vishnu vyasan
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can't append it to URL since that fails in security testing. The tools we use will capture the get parameters and replace them with some other values and try to extract data from database. Any suggestions ?

I will take a ajax based approach as Bear Bibeault suggested.

I got a solution based on jquery ajax using which i can initiate a POST request on link clicking.

 
Bear Bibeault
Sheriff
Posts: 67389
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A post is no more secure than a get.

You should be basing the choice of GET or POST based upon the nature of the request, not any bogus "security" supposedly provided by post.
 
author & internet detective
Posts: 39959
804
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:A post is no more secure than a get.


From an application/sniffing point of view, I agree. I did hear of an interesting security difference: Get parameters are part of the URL and therefore show up in the web server access log. If something is only a little sensitive, they may not want it hanging out in the logs.
 
vishnu vyasan
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I know even Post parameters are Vulnerable to attacks. We do test application against Cross Site Scripting type of attacks where in such a scenario URL Get parameters will be modified in to scripts.

just an example

http://xyz.com/events_all_en.jsp?id=>'><ScRiPt%20%0a%0d>alert(123)%3B</ScRiPt>

which would give a alert to the user.

The POST would at-least prevent this.

if we want to give our application a max security possible we should implement SSL.
 
Bear Bibeault
Sheriff
Posts: 67389
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

vishnu vyasan wrote:which would give a alert to the user.


Only if you don't follow best practices, such as carefully HTML-encoding all unsafe values upon display.

POST will not prevent this issue either.
 
Bear Bibeault
Sheriff
Posts: 67389
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

vishnu vyasan wrote:if we want to give our application a max security possible we should implement SSL.


Without SSL, your application has no security.
 
I wasn't selected to go to mars. This tiny ad got in ahead of me:
Two software engineers solve most of the world's problems in one K&R sized book
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic