*
The moose likes JSP and the fly likes How to pass a Post parameter using a link? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "How to pass a Post parameter using a link?" Watch "How to pass a Post parameter using a link?" New topic
Author

How to pass a Post parameter using a link?

vishnu vyasan
Ranch Hand

Joined: May 27, 2008
Posts: 39
Hi Guys,

I have JSP page from which i am passing a value to another when the user clicks on the link.

.

Now this parameter is passed to another page as a HTTP GET parameter. How can i Send it as a POST Parameter?

I cant use the form and submit.

is there any other way to do it. Can we do it using ajax?

swapnl patil
Ranch Hand

Joined: Aug 13, 2007
Posts: 80
set this parameter in the request object & you will get the same in that JSP using request Object.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
Where do you see the difference between a GET parameter and a POST parameter? Why can't you append the parameter to the URL?


Ping & DNS - my free Android networking tools app
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60794
    
  65

Cannot be done. You either need to use a form or Ajax to initiate a post.

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
vishnu vyasan
Ranch Hand

Joined: May 27, 2008
Posts: 39
I can't append it to URL since that fails in security testing. The tools we use will capture the get parameters and replace them with some other values and try to extract data from database. Any suggestions ?

I will take a ajax based approach as Bear Bibeault suggested.

I got a solution based on jquery ajax using which i can initiate a POST request on link clicking.

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60794
    
  65

A post is no more secure than a get.

You should be basing the choice of GET or POST based upon the nature of the request, not any bogus "security" supposedly provided by post.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30132
    
150

Bear Bibeault wrote:A post is no more secure than a get.

From an application/sniffing point of view, I agree. I did hear of an interesting security difference: Get parameters are part of the URL and therefore show up in the web server access log. If something is only a little sensitive, they may not want it hanging out in the logs.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
vishnu vyasan
Ranch Hand

Joined: May 27, 2008
Posts: 39
I know even Post parameters are Vulnerable to attacks. We do test application against Cross Site Scripting type of attacks where in such a scenario URL Get parameters will be modified in to scripts.

just an example

http://xyz.com/events_all_en.jsp?id=>'><ScRiPt%20%0a%0d>alert(123)%3B</ScRiPt>

which would give a alert to the user.

The POST would at-least prevent this.

if we want to give our application a max security possible we should implement SSL.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60794
    
  65

vishnu vyasan wrote:which would give a alert to the user.

Only if you don't follow best practices, such as carefully HTML-encoding all unsafe values upon display.

POST will not prevent this issue either.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60794
    
  65

vishnu vyasan wrote:if we want to give our application a max security possible we should implement SSL.

Without SSL, your application has no security.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: How to pass a Post parameter using a link?
 
Similar Threads
'POST'ing parameters to another JSP
URL rewriting and Struts how-to
Newbie: how to get parameter
Accessing HttpRequest Parameteres in ActionForm
parameter passing and display