cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Bierenfeld <>
Subject Re: Off topic but imho important
Date Fri, 15 Sep 2000 13:33:45 GMT
Ulrich Mayring wrote:
> wrote:
> >
> > The simplest way to hide them is if you use POST instead of GET
> > parameters.
> I think I should add this: of course, using POST (or whatever other
> method of hiding the parameters) still does not prevent someone from
> guessing your parameter name. So that alone does not improve security
> very much, you also have to do something like employ an authentication
> scheme and connect a session to it.
> Ulrich
> --
> Ulrich Mayring
> DENIC eG, Systementwicklung
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:


it is pretty secure in terms of http and
authentification. The whole stuff runs over a
ssl-server with card identification. The ssl-proxy
stores the user identification/hash in the

The whole application is a mixture of POST (Forms)
and GETS (urls builded dynamically). So I am realy
thinking to do it like this :


   will be

   1) Crypt the Parametervalues
   2) Send it away whith a HashCode identifying
the original Params and that the url is comming
from a servlet/xsp

eg. POST:

   ?-) Does not apply :-).

Ill post the code if it is done.

Kind regards


View raw message