Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Section 3.8 of "More Servlets and JSPs"

 
Ricardo Cortes
Ranch Hand
Posts: 140
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am in the middle of reading Marty Hall's "More Servlets and JSPs" and I have reached the end of Chapter 3 with the Travel agent example. In Listing 3.59, he has a big comment in the middle that says:
/** Since password is being sent, use POST only. However,
* the use of POST means that you cannot forward
* the request to a static HTML page, since the forwarded
* request uses the same request method as the original
* one, and static pages cannot handle POST. Solution:
* have the "static" page be a JSP file that contains
* HTML only. That's what accounts.jsp is. The other
* JSP files really need to be dynamically generated,
* since they make use of the customer data.
*/
Can someone please elucidate on this? I am not quite sure what he is talking about. Thanks.
 
Axel Janssen
Ranch Hand
Posts: 2166
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ricardo,
I don't have this book, but here are my guesses:
- if you send the password with get, it will be urlencoded and visible in the adressline of the browser. http://www.mySite.com?password=mySupersecretPassword
(not a good idea for security reasons).
To process post-data you need some server side code (servlet, jsp) to read the content of the sended fields.
Get parameter-value pairs can be read out by javaScript (s.th. like window.location.href)
 
Ricardo Cortes
Ranch Hand
Posts: 140
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ah yes. This does help. Thanks!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic