I have 2 apps hosted on different servers.
I need certain inputs from App 1 to process in App 2. I figured out the only possible way to send these parameters is using the GET method.
Due to this all the parameters required in App 2 will be visible in the URL while redirection.
Is there any way I can secure this server-server communication, so that any user cannot just copy the URL visible during redirection and misuse it?
I have tried out encryption of the parameters being sent but that also is not too secure.
Would appreciate if someone could point out a way to do this.
How else would I send data from one server to another?
I am using a response.sendRedirect(URL) for the redirection and this URL is not on the same server.
When this happens, it is going to be a new request altogether, so I guess POST is not possible. If it is, can you please tell me how?
Again: where does a redirect come into play when a server communicates directly with another server? It sounds a bit as if you're not actually talking about server-to-server communication, but as if there's some 3rd party involved? TellTheDetails.
This is how I do it in WebApp1
WebApp2 is a servlet where I use input1 and input2 for processing, after which I need to redirect this to another WebApp, say WebApp3 in Server3.
I do this using:
So basically when my inputs are flowing from Server1 to Server2 to Server3, they are seen in the URL, which is what I feel makes it vulnerable, hence the need to secure this entire process.
The reason I say it's redirection is that the control basically moves from Server1 to Server3, with Server2 deciding the final destination, which in this case is Server3.
Hope this helps
OK, so there is a 3rd party - a web browser you hadn't mentioned before that acts as client to these web apps. One possibility is to encrypt the data, another is to transmit the data directly between the two servers; you can use HTTP for that as well.
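
The second option in the reply above (send the data directly between the two servers so it never appears in the browser-visible URL), as an added example that is not part of the original thread: App 1 POSTs the inputs straight to App 2, and the redirect carries only a random single-use token. The `/handoff` and `/process` paths, the token scheme and the JDK `HttpServer` standing in for App 2 are assumptions; a real deployment would use HTTPS and accept `/handoff` only from App 1.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class HandoffDemo {
    // App 2 state: token -> parameters received directly from App 1 (hypothetical scheme).
    static final Map<String, String> PENDING = new ConcurrentHashMap<>();

    static void reply(HttpExchange ex, int status, String body) throws IOException {
        byte[] b = body.getBytes(StandardCharsets.UTF_8);
        ex.sendResponseHeaders(status, b.length);
        ex.getResponseBody().write(b);
        ex.close();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for App 2, bound to loopback on a free port.
        HttpServer app2 = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        app2.createContext("/handoff", ex -> {   // server-to-server leg; restrict to App 1
            byte[] raw = new byte[32];
            new SecureRandom().nextBytes(raw);
            String issued = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            PENDING.put(issued, new String(ex.getRequestBody().readAllBytes(), StandardCharsets.UTF_8));
            reply(ex, 200, issued);
        });
        app2.createContext("/process", ex -> {   // browser-facing leg; sees only the token
            String q = ex.getRequestURI().getQuery();
            String data = q != null && q.startsWith("token=") ? PENDING.remove(q.substring(6)) : null;
            reply(ex, data == null ? 403 : 200, data == null ? "unknown or used token" : "got " + data);
        });
        app2.start();
        String base = "http://127.0.0.1:" + app2.getAddress().getPort();
        HttpClient http = HttpClient.newHttpClient();
        // App 1: send the inputs in a POST body directly to App 2 (constructed sample values).
        String token = http.send(HttpRequest.newBuilder(URI.create(base + "/handoff"))
                .POST(HttpRequest.BodyPublishers.ofString("input1=alice&input2=42")).build(),
                HttpResponse.BodyHandlers.ofString()).body();
        String redirect = base + "/process?token=" + token;  // what App 1 would pass to sendRedirect
        for (int i = 0; i < 2; i++) {             // a copied URL fails on the second use
            HttpResponse<String> r = http.send(HttpRequest.newBuilder(URI.create(redirect)).build(), HttpResponse.BodyHandlers.ofString());
            System.out.println(r.statusCode() + " " + r.body());
        }
        app2.stop(0);
    }
}
```

A production version would also expire unused tokens after a short interval and tie each token to the user's session, so a URL copied before first use is of no value to anyone else.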