WebApp Sec mailing list archives
Re: GET and POST Methods Accepted
From: "christopher baus" <christopher () baus net>
Date: Thu, 13 Oct 2005 10:03:42 -0000 (GMT)
This is not the case. The HttpServlet class defines separate methods for each HTTP request. So there is a doGet() and a doPost() method to handle forms and the container will direct the request to the appropriate method. The developer would have to purposefully make them interchangeable by calling doPost() from within the doGet() method, or visa-versa. See: http://java.sun.com/products/servlet/2.1/ servlet-2.1.pdf for more info on the spec.
You're right. I take that back. What I was thinking about was the spec requires that POST parameters in the body be treated the same way as parameters in the URL, even though the HTTP spec doesn't specify how POST parameters should be encoded.
Current thread:
- GET and POST Methods Accepted Welsh, Ed (Oct 12)
- Re: GET and POST Methods Accepted Joe Teff (Oct 12)
- Re: GET and POST Methods Accepted christopher baus (Oct 12)
- Re: GET and POST Methods Accepted Stephen de Vries (Oct 13)
- Re: GET and POST Methods Accepted christopher baus (Oct 13)
- Re: GET and POST Methods Accepted Stephen de Vries (Oct 13)
- Re: GET and POST Methods Accepted Damien Watson (Oct 13)
- Re: GET and POST Methods Accepted Serg Belokamen (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Amit Klein (AKsecurity) (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted John GALLET (Oct 13)
- Re: GET and POST Methods Accepted Eoin Keary (Oct 13)
- Re: GET and POST Methods Accepted Paul Laudanski (Oct 18)
- <Possible follow-ups>
- RE: GET and POST Methods Accepted Derick Anderson (Oct 13)
- RE: GET and POST Methods Accepted christopher baus (Oct 13)
(Thread continues...)