activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jefetech <>
Subject Preventing post from external URLs
Date Tue, 03 Oct 2006 05:45:48 GMT

My ajax chat client currently does not prevent a knowledgeable web developer
from making an HTML form, anb posting to my MessageListener servlet with a
correctly formatted message which will go to all users logged in.  Something
like this:

<form action="" method="POST">
<input type="hidden" name="destination" value="topic://CHAT.MYTOPIC">
<input type="hidden" name="type" value="send">
<input type="hidden" name="message" value="<message type='chat'
from='Webmaster'>Screw  all ya all</message>">
<input type="submit" value="Do It"></form>

Is there anyway to prevent this?  At minimum, maybe a check in the servlet
for referring url.

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message