
How to be sure the parameter comes from the form in a servlet?

ahmet oguz
Greenhorn

Joined: Mar 08, 2006
Posts: 18
Hi,
In my servlet I take the parameters from the request page with the GET method. But I want to know that this parameter comes from the request page, not from manually writing the URL and passing the parameter and value. How do I control this problem in the servlet GET method? I want to be sure that the customer fills in the form and submits it, not manually writes the URL and passes the parameter and value. I am not sure, but I remember that PHP has a control for this.
poorna prakash parvathala
Greenhorn

Joined: Dec 18, 2006
Posts: 20
You can implement the 'Synchronizer Token' pattern,
with a hidden token in the rewritten URL (based on which the token gets validated).

For more info visit the following link:
http://www.javaworld.com/javaworld/javatips/jw-javatip136.html


Poorna Prakash
SCJP 1.4 (90%), SCWCD (planning)
Amol Nayak
Ranch Hand

Joined: Oct 26, 2006
Posts: 218
There is no support for this in the API. What I can think of is that you can get the path info as:



Then you have to search this string for the presence of the parameter.
If it is there, then this parameter has come as part of the URL string (GET).

This will happen even if you submit from a form without method="post".
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

As Amol has said, there is no 100% sure way to guarantee this.

Poorna prakash parvathala's suggestion of using tokens will help.
You can also check the 'referer' request header but, again, none of these techniques will give you a 100% guarantee.

You should always treat information coming from the web as suspect and validate it heavily on the server.
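
A minimal sketch of the Synchronizer Token pattern suggested in this thread, added here as an illustration; it is not code from any poster or from the linked JavaWorld tip. The servlet name, the `formToken` attribute and the `quantity` field are assumptions, and the form is submitted with POST so the token stays out of the URL.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: the class name, "formToken" and "quantity" are illustrative.
public class OrderFormServlet extends HttpServlet {
    private static final String TOKEN = "formToken";
    private static final SecureRandom RNG = new SecureRandom();

    // Renders the form and binds a fresh random token to the user's session.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        req.getSession(true).setAttribute(TOKEN, token);
        resp.setContentType("text/html;charset=UTF-8");
        resp.getWriter().println("<form method=\"post\">"
            + "<input type=\"hidden\" name=\"" + TOKEN + "\" value=\"" + token + "\">"
            + "<input name=\"quantity\"><input type=\"submit\"></form>");
    }

    // Accepts the submission only if it carries the token issued with the form.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);
        String expected = session == null ? null : (String) session.getAttribute(TOKEN);
        if (session != null) session.removeAttribute(TOKEN); // one-time use: no replay
        String supplied = req.getParameter(TOKEN);
        if (expected == null || supplied == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Form token missing or invalid");
            return;
        }
        // The token only shows the form was fetched in this session first;
        // the submitted value is still untrusted and is validated on its own.
        String quantity = req.getParameter("quantity");
        if (quantity == null || !quantity.matches("\\d{1,4}")) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "quantity must be 1 to 4 digits");
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Accepted quantity " + quantity);
    }
}
```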

