Reputation: 753
Java servlet: do parameters sent with doGet() get encoded using HTTPS?
If I have a java servlet using doGet() such as:
public class MyServlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
...
param1 = request.getParameter("param1");
...
and it gets accessed by calling https://www.mydomain.com/MyServlet?param1=hello.
Is param1 secure since I'm using https (that is, param1 is not visible to anyone but the user accessing the link)? Or, is it visible because doGet() places param1 in the HTML header? If the latter, what's equivalent doPost() look like here?
Upvotes: 0
Views: 207
Answers (1)
Reputation: 8659
If the link originates in the https site, then its fine.
If the link does not originate in the https site, its not. Like if you literally put that link on another site, or same site using http. So if you had http://www.example.com/ and it linked to https://www.example.com/MyServlet?param1=hello then it wouldn't actually be secure because you printed out the link over plain text.
Upvotes: 2
Related Questions
- HttpServletResponse not overriding the parameters I set up
- HttpServlet contracts for doGet and doPost
- HttpServletRequest - SetParameter
- servlet request parameter character encoding
- Servlet Parameter Encryption
- Secure doGet parameter in Servlet
- Java servlet's parameter values are not decoded
- HttpServletRequest.setAttribute() converts ASCII chars
- Java : When a parameter has a value that matches a UTF-8 encoded string in a java HTTPRequestServlet, a doGet decodes it by default
- How the attribute field of a HttpServletRequest maps to a raw HTTP request?