> Get the request parameters from the request object from a page, concatenate
> them into a string, store the string in the db.

Do you url-encode the names and the values before concatenating them
into the string?

If not, there might be '&', '=' symbols in the value string that break
your parsing.

Are you displaying the concatenated string somewhere on your pages?

Can it be resubmitted from some hidden form field? Can it be
resubmitted as part of the action url of a form (<form
action="...?name=value">)? Can it be resubmitted if going back/forward
within the browser?

Is this problem reproducible for you? Or did it just happen once?


> we found parameters in this string that belonged to a different webapp
> running on our server.

Is there any chance that somebody was typing ?name=value&... in the
location bar of the browser, as a joke, as a test, or in an attempt
to break down your app?

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
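The encoding question raised in the reply above, as an added example that is not part of the original message or of Tomcat's code: it joins a parameter map into one string with and without URL-encoding and parses both back. The class and method names are hypothetical, the map has the shape returned by `ServletRequest.getParameterMap()`, the sample input is constructed, and Java 10 or later is assumed for the `Charset` overloads of `URLEncoder` and `URLDecoder`.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class ParamStringDemo {
    // Join name/value pairs into one string for storage.
    // With encode=false the raw text is stored, delimiters and all.
    static String join(Map<String, String[]> params, boolean encode) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            for (String v : e.getValue()) {
                if (sb.length() > 0) sb.append('&');
                sb.append(encode ? enc(e.getKey()) : e.getKey())
                  .append('=')
                  .append(encode ? enc(v) : v);
            }
        }
        return sb.toString();
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Split the stored string back into pairs; decode only if it was encoded.
    // Repeated names keep the last value, which is enough for this demo.
    static Map<String, String> parse(String stored, boolean decode) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : stored.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String n = eq < 0 ? pair : pair.substring(0, eq);
            String v = eq < 0 ? "" : pair.substring(eq + 1);
            out.put(decode ? URLDecoder.decode(n, StandardCharsets.UTF_8) : n,
                    decode ? URLDecoder.decode(v, StandardCharsets.UTF_8) : v);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample input: one value contains '&' and '='.
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("note", new String[] {"a=b&c=d"});
        params.put("page", new String[] {"2"});
        // Raw form: the '&' inside the value is read as a pair separator.
        System.out.println(parse(join(params, false), false));
        // Encoded form: the same two names and values come back unchanged.
        System.out.println(parse(join(params, true), true));
    }
}
```

In the raw form the parsed map gains a name that was never submitted as a parameter and the original value is truncated; the encoded form round-trips.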