
How to avoid sending authentication parameters in request url?

 
shiva kuppa
Hi,
I have <html:text property="username"> and <html:password property="password"> and I do <html:form action="logon.do" method="post">

I can submit the form like this

https://xyz/logon.do?username=devuser&password=devpwd

and I get values in actionclass from the actionform.

How to avoid treating URL request parameters as form parameters in Struts?
 
Bear Bibeault
"shiva vkk", please check your private messages for an important administrative matter.
 
Bear Bibeault
If your form is a post, the values should not appear on the URL.

However, sending them as a post doesn't make them any more secure than a get, just because they are not on the URL. They are still sent as plain text in the request body.

If you are concerned with security, you need to use SSL to encrypt the data during transmission.
 
shiva kuppa
Thank you for the information.
But is there any way to stop treating request parameters as form parameters when I forcefully send parameters through the request URL?
I want to prevent the login from succeeding when doing this:
https://xyz/logon.do?username=devuser&password=devpwd
Is there any hack or a real solution for this?
 
Paul Clapham
The real solution is what Bear just said. Don't go looking for hacks when real solutions exist.
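
Added example, not part of the thread and not code from any of the posters: a servlet filter that makes the login fail unless the credentials arrive in a POST body, so a URL like the one in the question is rejected before the Struts action runs. The class name and the mapping to /logon.do are assumptions; the parameter names come from the form in the question. It complements SSL rather than replacing it.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/** Hypothetical filter (not from the thread): map it to /logon.do in web.xml. */
public class LoginPostOnlyFilter implements Filter {
    // Field names taken from the form in the question.
    private static final Set<String> CREDENTIAL_PARAMS =
            new HashSet<String>(Arrays.asList("username", "password"));
    public void init(FilterConfig config) {}
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (!"POST".equalsIgnoreCase(request.getMethod())) {
            response.setHeader("Allow", "POST");
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        // A POST can still carry ?username=...; the container merges query-string
        // and body parameters, so inspect the raw query string separately.
        if (hasCredentialInQuery(request.getQueryString())) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "Credentials must be sent in the request body");
            return;
        }
        chain.doFilter(req, res);
    }

    static boolean hasCredentialInQuery(String query) throws IOException {
        if (query == null) return false;
        for (String pair : query.split("&")) {
            String rawName = pair.split("=", 2)[0];
            try {
                // Decode so that an encoded name such as user%6Eame is also caught.
                if (CREDENTIAL_PARAMS.contains(URLDecoder.decode(rawName, "UTF-8"))) return true;
            } catch (IllegalArgumentException malformed) {
                return true; // malformed escape on a login URL: reject
            }
        }
        return false;
    }
}
```

The filter only makes such requests fail; a URL that a client has already sent with credentials in it can still end up in access logs and browser history, so any password exposed that way should be treated as disclosed.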
 