WebApp Sec mailing list archives
Re: GET and POST Methods Accepted
From: Stephen de Vries <stephen () corsaire com>
Date: Thu, 13 Oct 2005 15:25:19 +0700
On 13 Oct 2005, at 10:02, christopher baus wrote:
I have seen this recently on J2EE sites and CGI (PERL, PYTHON, Binary).I know for a fact that this part of the Java servlet spec (POST's andGET's look exactly the same to servlet handler). It gets confusing if thePOST request has parameters in the URL and the body which is legal.
This is not the case. The HttpServlet class defines separate methods for each HTTP request. So there is a doGet() and a doPost() method to handle forms and the container will direct the request to the appropriate method. The developer would have to purposefully make them interchangeable by calling doPost() from within the doGet() method, or visa-versa. See: http://java.sun.com/products/servlet/2.1/ servlet-2.1.pdf for more info on the spec.
Current thread:
- GET and POST Methods Accepted Welsh, Ed (Oct 12)
- Re: GET and POST Methods Accepted Joe Teff (Oct 12)
- Re: GET and POST Methods Accepted christopher baus (Oct 12)
- Re: GET and POST Methods Accepted Stephen de Vries (Oct 13)
- Re: GET and POST Methods Accepted christopher baus (Oct 13)
- Re: GET and POST Methods Accepted Stephen de Vries (Oct 13)
- Re: GET and POST Methods Accepted Damien Watson (Oct 13)
- Re: GET and POST Methods Accepted Serg Belokamen (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Amit Klein (AKsecurity) (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Paul Laudanski (Oct 18)
- <Possible follow-ups>
- RE: GET and POST Methods Accepted Derick Anderson (Oct 13)
(Thread continues...)