
Coming from multiple jsp to same servlet may be unsafe

 
RabiDas Sharma
Ranch Hand
Posts: 69
Hi everyone,

Currently, whenever I'm coming to the same servlet from different jsp pages,
I use







So I got a doubt: if in the servlet I'm using the hidden element's value
for redirecting to different jsp pages, like

String action = request.getParameter("action");
if ("student".equals(action))
{
    // redirect to viewprivielegestudent.jsp page
}
else if ("admin".equals(action))
{
    // redirect to viewprivielegeadmin.jsp page
}

then if the student in the browser does view source code and changes the hidden element's value to admin, then he can go to
the admin privilege page.


So please tell me the correct way to code so that I can go from multiple jsp pages to
the same servlet without any compromise on authorization.


Thanks in advance
 
Ulf Dittmer
Rancher
Posts: 42972
73
It sounds like you have no security in place to ensure that the admin area is accessed only by properly authorized users. Start reading at http://www.coderanch.com/how-to/java/ServletsFaq#security
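
One way to apply this to the servlet in the question, as an added example that is not part of the original thread: the hidden field only selects which page was requested, while the decision to show it is made from the authenticated user's role on the server. The class name, the role names "student" and "admin" (assumed to be mapped in the container's security configuration) and the /WEB-INF/jsp/ location are assumptions; the JSP file names are the ones from the question.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; assumes the container has already authenticated the user
// (for example via a <login-config> and security roles declared in web.xml).
public class PrivilegeServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Identity comes from the container's authentication, never from the form.
        if (request.getUserPrincipal() == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // The hidden field is untrusted input: it says what was asked for, not what is allowed.
        String action = request.getParameter("action");
        String view;

        if ("admin".equals(action)) {
            // Editing the hidden value to "admin" gets a 403 unless the user really holds the role.
            if (!request.isUserInRole("admin")) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            view = "/WEB-INF/jsp/viewprivielegeadmin.jsp";
        } else if ("student".equals(action)) {
            if (!request.isUserInRole("student")) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            view = "/WEB-INF/jsp/viewprivielegestudent.jsp";
        } else {
            // Missing or unknown action values are rejected instead of falling through.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // JSPs under /WEB-INF cannot be requested directly, only reached by a server-side forward.
        request.getRequestDispatcher(view).forward(request, response);
    }
}
```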