anks!
>
>
>
> --
> View this message in context:
> http://struts.1045723.n5.nabble.com/S2-actions-responding-only-to-POST-GET-methods-tp3486750p5712797.html
> Sent from the Struts - User mailing list archive at Nabble.com.
>
> ---
Hello everyone!
I am using Struts 1.1 and I wish to know what's the better solution to force
the POST method (without GET).
I need to avoid CSRF attacks.
Thanks!
I guess I assumed that any Login (or any sensitive information) action
would be secured with SSL. If you have an SSL connection between you
and your server, any packets sniffed would at least be encrypted. The
URL would probably still show up in a log somewhere, which makes GET
requests over SSL so
Hi Wes,
thanks for the response,
I've been wondering myself where would be any difference,
but couldn't find any, from the server point of view.
Still the proxies logs are a real threat.
If someone else is reading it, don't think that POST is secure,
one can sniff anything from post.
Best greetin
On a get request, the password would be present in the URL -
http://localhost:8080/yourApp/Login.action?username=username&password=yourpassword
This is probably not a *huge* deal, but there are places where
requests might be logged... Proxy servers, etc.
-Wes
2008/10/29 Paweł Wielgus <[EMAIL PR
Hi Hernán,
> Of course, you should never use GET when submitting a password, but that's a
> privacy concern you (developer) just deal when writing your jsp.
Could you elaborate more about the reason why?
Best greetings,
Paweł Wielgus.
Don is right.
No security issue here (and absolutely nothing to do with PHP's
register_globals).
I see little use in trying to discriminate between GET and POST in the
action side,
at least not in relation with security.
Of course, you should never use GET when submitting a password, but that's a
p
oblem" didn't return any reasonable
> threads.
>
> Thank you for your suggestions.
bles the same way and in newer versions is
>> >> deprecated,
>> >> or even not present). Even in servlets there are methods like doPost,
>> >> doGet,
>> >> doXXX, so you can distinguish servlet's behavior for different types
>> of
>> >
> doXXX, so you can distinguish servlet's behavior for different types of
> >> requests. I'm pretty sure this has already been solved here, but search
> >> for
> >> keywords like "get post method problem" didn't return any reasonable
> >> thr
> --
> Best Regards,
>
of
> requests. I'm pretty sure this has already been solved here, but search for
> keywords like "get post method problem" didn't return any reasonable
> threads.
>
> Thank you for your suggestions.