• Post Reply Bookmark Topic Watch Topic
  • New Topic

doPost and doGet  RSS feed

 
tony Lary
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm writing a basic codes in javaEE, when I added these codes to doGet()


PrintWriter out = response.getWriter();
out.println("<html><body><h1>The square root of 4.0 is: " + Math.sqrt(4.0) + "</h1></body></html>");


Eclipse will print out something, like "The square root of 4.0 is 2.0", but when I added these to doPost(), Eclipse print out nothing.
Please tell me why, and in what case we use doGet() or doPost()? As I know doGet() and doPost() is similar, but doGet() is not safe(password...) and very limited while doPost() is more powerful. Thank you very much!
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66152
146
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tony Lary wrote: but when I added these to doPost(), Eclipse print out nothing.

The doPost() method will only be invoked when a POST request is received.

Please tell me why, and in what case we use doGet() or doPost()?

GET and POST are different HTTP methods with different semantics. Each method is designed to respond to their respective HTTP method.

As I know doGet() and doPost() is similar, but doGet() is not safe(password...) and very limited while doPost() is more powerful.

This is false. GET and POST have no differences with respect to "safety". And how do you feel GET is "more limited"?
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There have been many previous discussions on this, like http://www.coderanch.com/t/611889/Servlets/java/post-servlets. You'll find more by using the site search.

GET and POST have no differences with respect to "safety".

I disagree. GET transports parameters in the URL, where they end up in various places that makes them susceptible to snooping by 3rd parties, like browser histories and server access logs.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66152
146
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But that doesn't make POST any safer -- information is still carried in clear text. Too many people think that because it can;t be seen at the browser that the information is somehow safely transmitted.

It's important to understand that without SSL encryption, POST is not a safe operation.
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I didn't say it was safer with regard to snooping that has access to the full request, I was responding to the blanket statement that there is no difference between GET and POST with respect to safety/security - and that is simply not true. Just goes to show that it makes little sense to talk about "safety" or "security" without a context of possibly attacks scenarios - there is no absolute security.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66152
146
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:there is no absolute security.

Well, I guess that's kind of my point. To think that POST offers any substantive amount of security over a GET is a dangerous misconception.

But we're getting a bit afield of the original question: the OP may also be served well to do some investigation around the notion of idempotent versus non-idempotent requests.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!