This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

doPost method in servlet  RSS feed

 
nitu sharma
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why query string is not getting created in doPost method of HttpServlet?Is this reason is enough - it is supplying data in html body.
can anyone please clarify what actually happening
 
Ivan Jozsef Balazs
Rancher
Posts: 999
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HTTP get and post methods work that way. With the GET method the parameters are included in the URL, with POST they travel in the body. It is by design so.

What is your actual problem?
 
Devaka Cooray
Marshal
Posts: 5554
707
Chrome Eclipse IDE Google App Engine IntelliJ IDE jQuery Postgres Database Tomcat Server
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
nitu sharma wrote:it is supplying data in html body.

Note that it is HTTP body - the content that goes in doesn't always need to be HTML. When you upload a file through your browser, in most cases, it goes through HTTP body. Can you imagine the mess it would be if the content of a 100 MB file has to transfer via a URL? That's just one use of HTTP Post and the idea of parameters being in the body; but there's many. The most significant one would be the security of the content you send, assuming some TLS is properly implemented.
 
Kat Rollo
Ranch Hand
Posts: 62
Eclipse IDE Java MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
doPost() is good for security because you don't want sensitive information being seen by the user in the URL box.
 
Joe Harry
Ranch Hand
Posts: 10128
3
Eclipse IDE Mac PPC Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Kat Rollo wrote:doPost() is good for security because you don't want sensitive information being seen by the user in the URL box.


If and only if that user is really dumb to know that he can only see the URL when making a HTTP request and everything else is hidden away!
 
Kat Rollo
Ranch Hand
Posts: 62
Eclipse IDE Java MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The common lot of internet people are like that. Hahaha.
Some don't even know how to View Source code. OTL
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66182
146
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Kat Rollo wrote:doPost() is good for security because you don't want sensitive information being seen by the user in the URL box.
"Good" is a relative term here -- it actually provides no security at all except from people looking over your shoulder. It does nothing to prevent actual online attack vectors.

 
Ivan Jozsef Balazs
Rancher
Posts: 999
5
  • Likes 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Whereas a GET URL can be easily bookmarked, a POST one not.

The GET requests' parameters go in the access log, but not those of the POST requests.
 
Junilu Lacar
Sheriff
Posts: 11125
160
Android Debian Eclipse IDE IntelliJ IDE Java Linux Mac Spring Ubuntu
  • Likes 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In support of Ivan's response, this what Jim Manico writes in "Iron-Clad Java":
By putting the parameters in the request instead of the URL, the submitted data is not leaked in the browser history list, referrer headers, or server access logs.

TIP
Submit sensitive data only over HTTPS POST in the POST body!
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66182
146
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Learn it! Live it!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!