From: "Power-Netz (Schwarz)"
To: "Tomcat Users List"
Subject: AW: Security problem?
Date: Fri, 7 Jun 2002 10:50:39 +0200
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
List-Id: "Tomcat Users List"

> -----Original Message-----
> From: Laura [mailto:lauradiara@libero.it]
> Sent: Friday, 7 June 2002 10:47
> To: tomcat-user@jakarta.apache.org
> Subject: Security problem?
>
>
> Hi all,
>
> it might be that I have a security problem and you should tell me if I am
> right.
> Well, I have a server with an ecommerce application: a user can buy
> something, and when he has to pay, the servlet of the web application
> executes a redirect to my servlet (on a different server), passing me the
> sum of money that the user has to pay.
>
> Could the user change the sum of money? Is redirect secure?
Put the value into an object, serialize it and send the object directly to the other server's app, at best via SSL, or encrypt it yourself (at least the stored information).

M.Schwarz
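The question above is whether a payment amount carried through the user's browser in a redirect can be altered; it can, because every query parameter is under the user's control. The reply suggests either sending the data server-to-server or protecting it cryptographically. The following added example (not from this thread and not Tomcat or servlet code) shows the second option in Python: the shop server attaches an HMAC over order id, amount and timestamp to the redirect, and the payment server recomputes it before trusting the amount. The shared secret, URLs, order ids, amounts and timestamps are all constructed for the demonstration; the only real assumption is that the two servers share a key provisioned out of band.

```python
import hashlib
import hmac
import time
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo secret shared by the shop server and the payment server.
# A real deployment provisions it out of band; it never reaches the browser.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"
MAX_AGE_SECONDS = 300  # reject redirect tokens older than five minutes


def _canonical(order_id: str, amount_cents: int, issued_at: int) -> bytes:
    """Fixed field order and a separator that cannot occur in the numeric
    fields, so two different parameter sets never produce the same bytes."""
    if "|" in order_id:
        raise ValueError("order id must not contain the separator")
    return f"{order_id}|{amount_cents}|{issued_at}".encode()


def sign(order_id: str, amount_cents: int, issued_at: int) -> str:
    """HMAC-SHA256 over the canonical form; only a holder of the shared
    secret can produce a valid value for a given amount."""
    msg = _canonical(order_id, amount_cents, issued_at)
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def build_redirect(base_url: str, order_id: str, amount_cents: int,
                   now: Optional[int] = None) -> str:
    """Shop side: build the redirect URL the browser will be sent to."""
    issued_at = int(time.time()) if now is None else now
    params = {
        "order": order_id,
        "amount": amount_cents,
        "ts": issued_at,
        "sig": sign(order_id, amount_cents, issued_at),
    }
    return f"{base_url}?{urlencode(params)}"


def verify_redirect(url: str, now: Optional[int] = None) -> Tuple[str, int]:
    """Payment side: return (order_id, amount_cents) only if the parameters
    are authentic and fresh; raise ValueError for anything else."""
    qs = parse_qs(urlparse(url).query)
    try:
        order_id = qs["order"][0]
        amount_cents = int(qs["amount"][0])
        issued_at = int(qs["ts"][0])
        presented = qs["sig"][0]
    except (KeyError, IndexError, ValueError):
        raise ValueError("missing or malformed parameters") from None

    # Recompute from the received fields and compare in constant time.
    expected = sign(order_id, amount_cents, issued_at)
    if not hmac.compare_digest(expected, presented):
        raise ValueError("signature mismatch: parameters were altered")

    current = int(time.time()) if now is None else now
    age = current - issued_at
    if age < 0 or age > MAX_AGE_SECONDS:
        raise ValueError("token is stale or future-dated")
    return order_id, amount_cents


def demo() -> Dict[str, object]:
    """Run the genuine case and two failure modes on constructed inputs."""
    issued = 1_023_436_239  # constructed timestamp for the moment of issue
    url = build_redirect("https://pay.example.test/pay", "A-1001", 1999, now=issued)
    results: Dict[str, object] = {"genuine": verify_redirect(url, now=issued)}

    # The redirect passes through the browser, so the query string can be
    # edited; here the amount is lowered without knowledge of the secret.
    altered = url.replace("amount=1999", "amount=1")
    try:
        verify_redirect(altered, now=issued)
        results["altered"] = "accepted"
    except ValueError as exc:
        results["altered"] = str(exc)

    # A genuine URL presented long after it was issued is also rejected.
    try:
        verify_redirect(url, now=issued + MAX_AGE_SECONDS + 1)
        results["replayed"] = "accepted"
    except ValueError as exc:
        results["replayed"] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The HMAC proves only that the shop server issued these exact values; the payment server should still record the order id and amount it was given and reconcile them against the shop's own order record, and the timestamp check limits how long a genuine URL stays usable. Sending the serialized order server-to-server over SSL, as the reply suggests, avoids the browser hop altogether and is the stronger option when both servers can reach each other directly.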