activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jefetech <i...@jefetech.com>
Subject Preventing post from external URLs
Date Tue, 03 Oct 2006 05:45:48 GMT


My ajax chat client currently does not prevent a knowledgeable web developer
from making an HTML form, anb posting to my MessageListener servlet with a
correctly formatted message which will go to all users logged in.  Something
like this:

<form action="http://www.mydomainname.com/amq/?" method="POST">
<input type="hidden" name="destination" value="topic://CHAT.MYTOPIC">
<input type="hidden" name="type" value="send">
<input type="hidden" name="message" value="<message type='chat'
from='Webmaster'>Screw  all ya all</message>">
<input type="submit" value="Do It"></form>


Is there anyway to prevent this?  At minimum, maybe a check in the servlet
for referring url.



-- 
View this message in context: http://www.nabble.com/Preventing-post-from-external-URLs-tf2374191.html#a6614621
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message