Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Hide Buttons From Servlets

 
Praveen Banthia
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am creating a game where a user needs to roll dice and if he rolls dice three times he then must choose one from one of the thirteen options.
My problem is once the user has rolled the buton three time how do I disable the button. I cannot use javascript as I am under assumption that user is always malicious so I cannot use Javascript.
I tried using Session but the problem is as initially session is set to null my "submit" button ends up being a text box.

I am able to count the number of time the dice is rolled but unable to disable it when count reaches three .
Please Provide snippet of sample code.


this will display out put like
rolls left 3
rolls left 2
rolles left 1

but I want the button to hide or disable when roll comes to 1

thanks in advance
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65339
97
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Praveen Banthia wrote:I cannot use javascript as I am under assumption that user is always malicious so I cannot use Javascript.

Nonsense. You need to use JavaScript to react to client-side events.

Your "assumption" is like saying "I won't use a kitchen knife to chop my celery because someone might stab someone with a knife."

 
Paul Clapham
Sheriff
Posts: 21581
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What's wrong with using <c:if> to only generate that <input> element when ${Rolled} is greater than 1? You haven't said anything at all to indicate that rolling dice is a client-side event -- and since you said you wouldn't use Javascript, that means it can't possibly be a client-side event.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65339
97
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Good point -- if the page is being repainted after every "move" as if it were still 1998, then everything would be done on the server.

But the notion that using JavaScript is somehow automatically unsafe is also a rather ridiculous throwback to 1998.
 
Praveen Banthia
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi I know what you guys saying but I am doing a project where my main concentration is security and my professor has asked us to assume that end user is malicious and
I think if end user is malicious any code visible by right click ->view source can be altered.

H I liked the solution of Pual clapman to use if can you please show me an example of how to use cif. The rolled is calculated on server side and result is used by JSP using session get attribute property

and other is there a way we can use javascript and be sure that that code is not visible to end user or can be verified by the server.

My aim is I need to make sure that the user rollls dice three times (yahztee) and choos a option of 13 possible option any ideas on how to do this from javascript securely are appreciated
 
Cesar Loachamin
Ranch Hand
Posts: 90
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Praveen. I understand your issue with the javascript, in my opinion you should use javascript to disabled the button, as you said in the servlet you have the count of the rolled dice if someone malicious disabled javascript and submit again in your servlet you must have a routine that validate the if request its valid or if the rolled dice is greater than one, but the way you can use the solution of Paul with the if tag from jstl or just use EL, I give you and example.



I hope this help you with your problem

Kind regards.
Cesar
 
Praveen Banthia
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi thanks Cease for example I will take your advice and I will consider it and implement saftey measure on servler as well as disable button from javascript.
Thanks to all who helped me
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic