• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to pass a Post parameter using a link?

 
vishnu vyasan
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

I have JSP page from which i am passing a value to another when the user clicks on the link.

.

Now this parameter is passed to another page as a HTTP GET parameter. How can i Send it as a POST Parameter?

I cant use the form and submit.

is there any other way to do it. Can we do it using ajax?

 
swapnl patil
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
set this parameter in the request object & you will get the same in that JSP using request Object.
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Where do you see the difference between a GET parameter and a POST parameter? Why can't you append the parameter to the URL?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64724
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Cannot be done. You either need to use a form or Ajax to initiate a post.
 
vishnu vyasan
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can't append it to URL since that fails in security testing. The tools we use will capture the get parameters and replace them with some other values and try to extract data from database. Any suggestions ?

I will take a ajax based approach as Bear Bibeault suggested.

I got a solution based on jquery ajax using which i can initiate a POST request on link clicking.

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64724
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A post is no more secure than a get.

You should be basing the choice of GET or POST based upon the nature of the request, not any bogus "security" supposedly provided by post.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34237
341
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:A post is no more secure than a get.

From an application/sniffing point of view, I agree. I did hear of an interesting security difference: Get parameters are part of the URL and therefore show up in the web server access log. If something is only a little sensitive, they may not want it hanging out in the logs.
 
vishnu vyasan
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I know even Post parameters are Vulnerable to attacks. We do test application against Cross Site Scripting type of attacks where in such a scenario URL Get parameters will be modified in to scripts.

just an example

http://xyz.com/events_all_en.jsp?id=>'><ScRiPt%20%0a%0d>alert(123)%3B</ScRiPt>

which would give a alert to the user.

The POST would at-least prevent this.

if we want to give our application a max security possible we should implement SSL.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64724
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
vishnu vyasan wrote:which would give a alert to the user.

Only if you don't follow best practices, such as carefully HTML-encoding all unsafe values upon display.

POST will not prevent this issue either.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64724
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
vishnu vyasan wrote:if we want to give our application a max security possible we should implement SSL.

Without SSL, your application has no security.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic