Checking a href value in servlet

 
Ranch Hand
Posts: 41
Hi,

I have a JSP that has an a href tag:



and in my JavaScript I am encoding the ID and then submitting the form:

'



In the servlet, I am getting the ID value as:

String id = request.getParameter("id");

and then decoding the value within the servlets.

Now, my problem is that whenever I hit the direct link to the servlet using the encoded id that I had passed within the JavaScript, the request is processed again.

I need to stop the request from being processed if the user copies the encoded id and hits the servlet directly.

Example scenario:

Suppose the id is encoded in the JavaScript and the URL formed is:

http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573== (encoded).

The URL is formed and submitted via JavaScript on clicking a link.

In the controller:

The id is decoded and the form is processed.

Problem: I need to stop this if the user copies the URL and hits it directly from the browser without clicking the link.

Example:
http://localhost:8080/MyServlets/abc.do?id=QQWWEEEggie66573==

How can I stop that and determine whether the a href was clicked or the user is hitting the URL directly?

Thanks
 
Sheriff
Posts: 67750
You can't. From the point of view of the server, the requests are identical.
 
Rancher
Posts: 4804
Not only can you not tell them apart, but it's very bad design to trust anything from the browser. Your example, that the user copy/pastes the URL, is just the first of many.

You must assume that you are not talking to a friendly user with a browser, but rather an evil script that is programmed to interact with your site. Expect the evil script to do bad things.
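
The point made in the replies above, as an added example that is not part of the original thread: since a clicked link and a pasted URL are the same request, the server treats the id as untrusted input and decides from its own state whether to process it. The class name, the ownership table, the ids and the assumption that the id is Base64-encoded decimal text are all hypothetical; plain JDK classes stand in for the servlet and session.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added example: names, ids and the ownership table are hypothetical.
public class UntrustedIdCheck {
    enum Result { PROCESSED, BAD_INPUT, NOT_AUTHORIZED, ALREADY_PROCESSED }

    // Constructed server-side state: which record ids each logged-in user owns.
    private final Map<String, Set<Long>> ownedIds;
    // Ids already handled; kept on the server, never derived from the request.
    private final Set<Long> processed = ConcurrentHashMap.newKeySet();

    UntrustedIdCheck(Map<String, Set<Long>> ownedIds) { this.ownedIds = ownedIds; }

    // sessionUser comes from the server-side session; encodedId is what
    // request.getParameter("id") returned, i.e. client-controlled text.
    Result handle(String sessionUser, String encodedId) {
        long id;
        try {
            if (encodedId == null || encodedId.length() > 24) return Result.BAD_INPUT;
            byte[] raw = Base64.getDecoder().decode(encodedId); // strict: throws on junk
            id = Long.parseLong(new String(raw, StandardCharsets.US_ASCII));
        } catch (IllegalArgumentException e) { // also covers NumberFormatException
            return Result.BAD_INPUT;
        }
        // Encoding is not access control: check the decoded id against the session.
        if (sessionUser == null || !ownedIds.getOrDefault(sessionUser, Set.of()).contains(id))
            return Result.NOT_AUTHORIZED;
        // A clicked link and a pasted URL look the same, so repeat handling is
        // decided by server state: add() returns false on the second attempt.
        if (!processed.add(id)) return Result.ALREADY_PROCESSED;
        return Result.PROCESSED;
    }

    public static void main(String[] args) {
        UntrustedIdCheck check = new UntrustedIdCheck(Map.of("alice", Set.of(42L)));
        String link = Base64.getEncoder().encodeToString("42".getBytes(StandardCharsets.US_ASCII));
        System.out.println(check.handle("alice", link));      // first request
        System.out.println(check.handle("alice", link));      // same URL sent again
        System.out.println(check.handle("bob", link));        // another user's session
        System.out.println(check.handle("alice", "%%not-base64%%")); // malformed input
    }
}
```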
 
Manish Sahni
Ranch Hand
Posts: 41
Thanks, everyone.

I too was thinking that the request will be the same for the server for that session.


 