thought on FORM-based login

  • Tilman Hausherr
    Message 1 of 5 , Jan 4, 2006
      In the Java Servlet course I took last year, I noticed that the handlers
      for POST and GET were the same. This means: it might be possible to
      log in from a URL into a Tomcat server by using GET, i.e. put the
      parameters in the URL.

      Such a URL would look like this:

      http://www.host.com/login.jsp?txtUser=tilman&txtPassword=secret

      Try it and tell me if it works :)

      Tilman
    • Stephen Gazard
      Message 2 of 5 , Jan 5, 2006
        Not sure about Tomcat server, but in PHP, server variables for GET and
        POST are different, so you can specify to only log in if using a POST
        form to the script. All other attempts won't work. It's better
        security to restrict it that way.

        Stephen

        gazard.com <http://www.gazard.com/>
        faith <http://www.gazard.com/structure/index.php?section=faith> family
        <http://www.gazard.com/structure/index.php?section=family> forwards
        <http://www.gazard.com/structure/index.php?section=forwards> photos
        <http://www.gazard.com/structure/index.php?section=photos>



        Tilman Hausherr typed the following whilst thumping at a keyboard on
        04/01/2006 19:44:
        > In the JAVA Servlet course I took last year, I noticed that the handler
        > for POST and GET were the same. This means: it might be possible to
        > login from an URL into a Tomcat server by using GET, i.e. put the
        > parameters in the URL.
        >
        > Such an URL would look like this:
        >
        > http://www.host.com/login.jsp?txtUser=tilman&txtPassword=secret
        >
        > Try it and tell me if it works :)
        >
        > Tilman
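An added example, not code from the thread or from either poster: a login servlet that accepts credentials only in a POST body, assuming the javax.servlet API (jakarta.servlet on Tomcat 10 and later). The class name, the in-memory user table and checkCredentials() are hypothetical; txtUser and txtPassword are the parameter names from the URL in the first message.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet for illustration; not taken from the course or from Tomcat.
public class LoginServlet extends HttpServlet {
    // Constructed sample account; a real store holds salted password hashes.
    private static final Map<String, String> DEMO_USERS = Map.of("tilman", "secret");

    // The pattern from the thread is doGet() delegating to doPost(), which
    // accepts login.jsp?txtUser=...&txtPassword=... Here GET is refused.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setHeader("Allow", "POST");
        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getParameter() merges query-string and body parameters, so also
        // refuse a POST that carries anything in the URL.
        if (req.getQueryString() != null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String user = req.getParameter("txtUser");
        String password = req.getParameter("txtPassword");
        if (user == null || password == null || !checkCredentials(user, password)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        req.getSession(true).setAttribute("user", user);
        resp.sendRedirect(req.getContextPath() + "/");
    }

    private boolean checkCredentials(String user, String password) {
        String expected = DEMO_USERS.get(user);
        return expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
    }
}
```

Credentials sent in a query string end up in server access logs, browser history and Referer headers, which is why the GET path is closed rather than merely discouraged.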