I was just curious. I guess it is not good practice for security. Or am I wrong?
Here is an example line:
where 'ProgramLauncher4' is a servlet.
Thanks for the reply.
jhon masco wrote: I was just curious. I guess it is not good practice for security. Or am I wrong?
I don't know. What do you consider insecure about that code?
(There's plenty of places in web applications where you can do insecure things; I'm just asking which of the long list of insecure things applies in this case.)
The biggest security risks in a J2EE application don't come so much from whether requests were made directly from a browser or via AJAX, but from whether or not the webapp was designed secure to begin with. Which is the main reason I make so much noise about not writing your own security system if the J2EE-standard one can be used instead.
Yes Tim, you are right when you say that the most important thing is the web application design.
In particular, I don't like it when I can see the code of any file (.js, .jsp, .php, etc.) from my web browser!
I don't know why you feel this is not good practice, but for your information, Gmail is popular because most of its functionality is implemented using AJAX (calling a servlet using JavaScript).
Thanks & Regards