how to be sure the parameter that comes from the form in servlet?

ahmet oguz
Greenhorn

Joined: Mar 08, 2006
Posts: 18
Hi,
In my servlet I take the parameters from the request page with the GET method. But I want to know that this parameter comes from the request page, not from manually writing the URL and passing the parameter and value. How do I control this problem in the servlet GET method? I want to be sure that the customer filled in the form and submitted it, not manually wrote the URL and passed the parameter and value. I am not sure, but I remember that PHP has a control for this.
poorna prakash parvathala
Greenhorn

Joined: Dec 18, 2006
Posts: 20
You can implement the 'Synchronizer Token' pattern,
with a hidden token in the rewritten URL (based on which the token gets validated).

For more info visit the following link:
http://www.javaworld.com/javaworld/javatips/jw-javatip136.html


Poorna Prakash
SCJP 1.4 (90%), SCWCD (planning)
Amol Nayak
Ranch Hand

Joined: Oct 26, 2006
Posts: 218
There is no support for this in the API. What I can think of is that you can get the path info as:



Then you have to search this string for the presence of the parameter.
If it is there, then this parameter has come as part of the URL string (GET).

This will happen even if you submit from a form without method="post".
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

As Amol has said, there is no 100% sure way to guarantee this.

Poorna prakash parvathala's suggestion of using tokens will help.
You can also check the 'referer' request header but, again, none of these techniques will give you a 100% guarantee.

You should always treat information coming from the web as suspect and validate it heavily on the server.

