tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Kerber <dcker...@verizon.net>
Subject Re: Code performance question #2
Date Tue, 08 Aug 2006 12:32:05 GMT
Pid wrote:

>David Kerber wrote:
>  
>
>>Pid wrote:
>>
>>    
>>
>>>here's another obvious question:
>>>
>>>if you're in a servlet, and you're getting an & separated string from
>>>somewhere, where is the "somewhere" that you're getting it from?
>>>
>>>does the servlet activate and collection the data somehow, or does the
>>>data get sent to the servlet (in, for example the query string)?
>>> 
>>>
>>>      
>>>
>>The data is sent via an HTTP POST request, with the query string lightly
>>encrypted.
>>    
>>
>
>if it's sent to the servlet using a POST, is there anything wrong with
>using the hreq.getParameterNames() & hreq.getParameter("param_name")
>methods?
>  
>
Encryption/obfuscation of the data.  I receive one parameter in the 
clear, and a 2nd parameter is a lightly encrypted string containing the 
rest of the data.  That makes it a but harder to break the data than 
encrypting each parameter separately would.  I grab these two items with 
the getParameter() methods, but then need to break out additional data 
from the data string once it is decrypted.

>
>Why encrypt the query string when you could just use an SSL connection
>and encrypt the pipe? (Ignore this Q if you don't have control of the
>other end).
>  
>
It's a major hassle to change the other end of the pipe, though it can 
be done if absolutely necessary.  SSL also takes a lot more cpu power to 
process than the light encryption this app uses.

Dave



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message