Hi, I am calling a jsp program passing some parameters and in the URL I am seeing those parameters. If I change the parameter value at URL address and refresh the page , it pulls back the information of the newly enter parameter. I feel it is not a secured one. Please suggest me ideas to hide parameters in the URL or any secured way of coding. Thanks Deepa.
use post method in the form , default is get so u always see the parameters in the url. <form action="some.jsp" method="post">
Joined: Mar 29, 2001
Thanks for your reply prabhat kumat. But I have a different problem. Here is the coding <a href="http://localhost:8080/RegSearch.jsp?primaryRegId=<%= primaryRegId %>" target=_top> View All Registered User </a> On clicking "View All Registered User " Hyperlink the following URL is displayed in the Address field. "http://localhost:8080/RegSearch.jsp?primaryRegId=20001" If I change the primaryRegId to 30909 instead of 20001 in the URL address and refresh the page it brings back the information of the other user 30909, which is not secured. Could you please let me know how to avoid this? Thanks Deepa
Joined: Apr 11, 2001
in html form u have to do ..
[ February 24, 2002: Message edited by: prabhat kumat ] [ February 24, 2002: Message edited by: prabhat kumat ]
I dont think using session is a closer solution for the question. session can be used only in same server, but when two jsps live in different server, can you still user session to 'transfer' your data? I think maybe using hidden field is a way some time and is a closer answer to the question.
have the same problem (hiding hyperlink parameter). was there a simple solution to this. have a listing of IDs from one page and using hyperlink to pass ID for database search to the second page. the value shows up in the URL and can be manipulated to pull different data. tried adding a form with post, but didn't know how to capture selected value from the hyperlink tags (without creating an array of hidden input type).