For question #2, one thing you can do is submit some sort of flag value from /app/Contact that /app/Contactsubmit looks for. If it's found, process as usual, if not you can assume someone tried entering the URI themselves and do whatever you want. The user could still manage it, but that's why you want to be Post'ing rather than Get'ing.... Post'ing in essence "hides" your request parameters whereas Get'ing puts them as part of the URL'q query string. If you look for that flag and you are Post'ing, although the user could still figure out how to construct the proper query string, it's much more work at that point, and unless this is a security issue, it'll probably do the trick for you.
You also MIGHT be able to check the referrer header, make sure it's app/Contact. You will need to verify this does what you expect because I've had experiences where the referrer wasn't set how you first think it would be, but assuming it does, that might be a better approach.
From: [EMAIL PROTECTED] Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Submit Design Question Date: Tue, 25 May 2004 13:13:29 -0400
Hi,
I have an application that permits a user to view and update Contact information. /app/Contact (gets data from the DB) --> posts to --> /app/ContactSubmit (updates the data after validation)
I would like to ensure that the application is solid and executes smoothly (doesn't eveyone!). ;>
Question 1: ----------------- Is the above process a valid one? Or should the GET and POST be done with the same URI such as (/app/Contact).
Question 2: ---------------- I would like to prevent any processing or errors if someone enters the /app/ContactSubmit URI in a browser address. One way to do so is the check the HTTP request for a GET in the Action class... and if found show an error page... Any other suggestions?
TIA, Glenn.
_________________________________________________________________
Watch LIVE baseball games on your computer with MLB.TV, included with MSN Premium! http://join.msn.click-url.com/go/onm00200439ave/direct/01/
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
