File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SendRedirect() issue for snsetive information

 
tushar borole
Greenhorn
Posts: 12
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've to redirect username and password to the following URL:

https://www.xyz.com/abc/xyz/abc/signin?username=xxx&password=yyy&locale=en_EN

Generally this works fine, but: username and password will have to remain plain text (we cannot change this!), no encryption etc. allowed.
So my question is whether there is a way to NOT seeing the parameters after sending this request to the external server:

I'm expecting something like: https://www.xyz.com/abc/xyz/abc/signin

This would be an implicite POST isn't it?
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tushar borole wrote:
This would be an implicite POST isn't it?

Yes. Certainly if it concerns another domain/appserver.
 
Vikas Kapoor
Ranch Hand
Posts: 1374
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tushar borole wrote:I'm expecting something like: https://www.xyz.com/abc/xyz/abc/signin

This would be an implicite POST isn't it?


How come login credentials get passed here? What's implicit POST?

 
Paul Clapham
Sheriff
Pie
Posts: 20166
24
MySQL Database
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tushar borole wrote:I'm expecting something like: https://www.xyz.com/abc/xyz/abc/signin

This would be an implicite POST isn't it?
Regardless of what that is, doing a redirect always results in the browser sending a GET request to the URL you are redirecting to. So the answer is, if you do that then you will see the user ID and password in the browser's address bar.
 
tushar borole
Greenhorn
Posts: 12
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, If i used semdRedirct() it will show me the request parameters in the address bar. I want to hide these request parameters or don't want to show the url in the browser's history.

Implicit POST means , simply can I make this redirect as a POST request so that it would not show the request parameters.

Do anyone have some pointers on the same.
 
Paul Clapham
Sheriff
Pie
Posts: 20166
24
MySQL Database
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No. As I said in my last post, "doing a redirect always results in the browser sending a GET request". That's the way it is. You can't make the browser send a POST request. Only a GET request.
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tushar borole wrote:Yes, If i used semdRedirct() it will show me the request parameters in the address bar. I want to hide these request parameters or don't want to show the url in the browser's history.


i am not sure . but what about session ?
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tushar borole wrote:Yes, If i used semdRedirct() it will show me the request parameters in the address bar. I want to hide these request parameters or don't want to show the url in the browser's history.

Implicit POST means , simply can I make this redirect as a POST request so that it would not show the request parameters.

Do anyone have some pointers on the same.
First this question, does it concern another domain/appserver?
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic