*
The moose likes Servlets and the fly likes SendRedirect() issue for snsetive information Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "SendRedirect() issue for snsetive information" Watch "SendRedirect() issue for snsetive information" New topic
Author

SendRedirect() issue for snsetive information

tushar borole
Greenhorn

Joined: Oct 13, 2008
Posts: 12
I've to redirect username and password to the following URL:

https://www.xyz.com/abc/xyz/abc/signin?username=xxx&password=yyy&locale=en_EN

Generally this works fine, but: username and password will have to remain plain text (we cannot change this!), no encryption etc. allowed.
So my question is whether there is a way to NOT seeing the parameters after sending this request to the external server:

I'm expecting something like: https://www.xyz.com/abc/xyz/abc/signin

This would be an implicite POST isn't it?
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
tushar borole wrote:
This would be an implicite POST isn't it?

Yes. Certainly if it concerns another domain/appserver.
Vikas Kapoor
Ranch Hand

Joined: Aug 16, 2007
Posts: 1374
tushar borole wrote:I'm expecting something like: https://www.xyz.com/abc/xyz/abc/signin

This would be an implicite POST isn't it?


How come login credentials get passed here? What's implicit POST?

Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

tushar borole wrote:I'm expecting something like: https://www.xyz.com/abc/xyz/abc/signin

This would be an implicite POST isn't it?
Regardless of what that is, doing a redirect always results in the browser sending a GET request to the URL you are redirecting to. So the answer is, if you do that then you will see the user ID and password in the browser's address bar.
tushar borole
Greenhorn

Joined: Oct 13, 2008
Posts: 12
Yes, If i used semdRedirct() it will show me the request parameters in the address bar. I want to hide these request parameters or don't want to show the url in the browser's history.

Implicit POST means , simply can I make this redirect as a POST request so that it would not show the request parameters.

Do anyone have some pointers on the same.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

No. As I said in my last post, "doing a redirect always results in the browser sending a GET request". That's the way it is. You can't make the browser send a POST request. Only a GET request.
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

tushar borole wrote:Yes, If i used semdRedirct() it will show me the request parameters in the address bar. I want to hide these request parameters or don't want to show the url in the browser's history.


i am not sure . but what about session ?
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
tushar borole wrote:Yes, If i used semdRedirct() it will show me the request parameters in the address bar. I want to hide these request parameters or don't want to show the url in the browser's history.

Implicit POST means , simply can I make this redirect as a POST request so that it would not show the request parameters.

Do anyone have some pointers on the same.
First this question, does it concern another domain/appserver?
 
 
subject: SendRedirect() issue for snsetive information
 
Similar Threads
Web Page query
can we write automation code for a folder structure within a webpage through selenium?
Reading password information from a text file.
Junit4- struts2.0 -test Action class & DAO class
REST security