通过超链接隐藏值
我问:每当我通过链接传递一个值时,它看起来像这样:
<a href="some.jsp?someid=<%=something%>">Click here to view details</a>
现在,当我单击该超链接时,我将转到 some.jsp 并检索搜索值,例如:
request.getparameter("someid");
但我还在浏览器 URL 中看到了所有这些敏感细节,这些细节很容易受到攻击。我想隐藏所有这些详细信息,以便浏览器的网址中不会显示任何内容,但处理将在内部完成。我该怎么做?请忽略 jsp 标签,我正在学习 JSTL,很快就会替换 scriplet,但最初我想在 jsp 标签上实现它。非常感谢任何帮助。
I was asking that : whenever I pass a value by a link then it looks like this:
<a href="some.jsp?someid=<%=something%>">Click here to view details</a>
Now when i click on that hyperlink i am going to some.jsp and retrieving value of search like:
request.getparameter("someid");
But I am also seeing all those sensitive details in the browser URL, which is vulnerable. I want to hide all these details so that nothing will be shown in the browser's url but processing will be done internally. How can i do it? Please ignore jsp tags, I am learning JSTL and will soon replace scriplets but initially i want to implement it on jsp tags. Any help is much appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果您要将链接转换为按钮,您可以将其作为隐藏的 POST 值传递,并让您的 some.jsp 页面读取该值。例如:
然后在您的 some.jsp 上,您可以读取
someidPOST 值并对其进行任何您想要的操作。If you'd turn the link into a button you could pass it as a hidden POST value and have your some.jsp page read that. For example:
Then on your some.jsp, you can read the
someidPOST value and do with that whatever you want.首先,如果你想在 URL 中显示敏感内容,为什么要使用 GET 请求。
您应该使用 POST 请求。将 someid 的值存储在请求属性中。
First of all , if you want to show sensitives stuffs in URL, Why are you usng GET request.
You should use POST request. Store the value of someid in request attribute.
您可以加密和解密 someid 的值来执行此操作。请参阅此处给出的示例:
使用 DES 加密字符串
You can encrypt and decrypt the value of someid for doing it. See the example given here:
Encrypting a String with DES