I have gone thru javadocs of URLEncoder and URLDecoder. Then got more inquisitive. Consider the server as tomcat.In any webapplication whenever we submit
the form , server converts the forms fields into urlencoded fields and when we do request.getParamter("fieldName"). Server again decode it with URLDecoder.
Is that correct? Does server do it or browser? Simlary when we type any url in address bar same stuff happens? If server or browser does that
when we require to encode or decode the request paramter explicitly with the help of URLEncoder and URLDecoder? Though these are basic questions but could not find these anwers clearly.
In any webapplication whenever we submit the form , server converts the forms fields into urlencoded fields and when we do request.getParamter("fieldName").
No. The browser does that.
Server again decode it with URLDecoder. Is that correct?
Yes.
Does server do it or browser?
The browser.
If server or browser does that when we require to encode or decode the request parameter
explicitly with the help of URLEncoder and URLDecoder?'
I don't know what that means but it's still the browser. You only need to encode the request parameters if you are sending the request from application code. You don't need to decode them at all if you're running in a servlet container: it will do that for you.
While it is true that browser does encode a URL before passing it off to the web server but there may not be a browser involvement all the time.
e.g. your server app might be making a REST based call and passing some data in a simple GET request. And then if you don't encode it on your server it may become garbled when receiver decodes it.
Therefore it is highly recommended to always encode the URL before sending it off in your server code.
Related
I am reading Detecting Device Type in a web application and just got curious if it would be possible to client to fake the User-Agent when sending the request?
Question(s)
- user sends request via curl command but fakes it to look as if request is coming from Mobile on the server? is it possible?
- Can server detect it?
- Can server prevent it?
Thanks
It is possible and easy. All you have to do is set the user-agent header string. I've seen a browser that allowed you to set it (don't remember which one). On the server it is very hard to know. A lot of bots pretend to be a browser so they don't get filtered out.
I have the following URL
http:actionname.php?user=username&password=pwd&sender=no&audio_file=somefilehere
I want to send an audio file along with the above parameters.
Is it possible to send an audio file as a request parameter?
Thanks in advance...
You can send the name of a file, but not the file itself. URL lengths are limited, practically to about 2000 characters. Theoretically they may be a bit longer, but this is not supported on all browsers. See this answer.
If the file is publicly available, and the file name is a URL itself, the server may fetch the file later.
If you want to send a file, consider having a POST request with the file content in it.
As usually, you will send anything as request to web server, the file content will be transferred as internals of HTTP message (POST parameters as file name, and content separately) outgoing from you to the server, until it finished (it is TCP session and it won't be break up while data is streaming), it could be considered as "request" to web server.
Theoretically, you could send something via URL (HTTP GET request), but you could develop some kind of transport data-over-HTTP-GET protocol to send escaped binary data chunks as GET parameters. It is possible :)
Even sending (uploading) file via POST request also no so plain as submitting form with usual POST parameters, you should use multipart/form-data encoding in the form and special treatment on the server side for that.
It is not good, but not so weird as transmitting data via URL, you could send some data within GET request to the server, look here for more.
I'm attempting to use Nexmo.com to send and receive text messages. Sending works fine, but I am having some issues receiving messages.
My issue is with the Callback URL and what format that page should be in. Nexmo's documentation is here and says this
Inbound Message
If you have purchased long virtual numbers, you will need to set up a CallBack URL for inbound to which we will send a request for each incoming message. Nexmo will be expecting response 200 OK, or it will retry.
The request parameters sent via a GET (default) to your URL include the following parameters.
Am I missing something extremely simple? Is there somewhere that I haven't found with an example of a Callback URL page? Thanks for any help!
Edit: For clarification, I'm using Nexmo's provided java library, but since their api is all built around URL's the java program simply visits a URL to send the message. Here
are their provided libraries
Not sure if I've understood your question.
Generally, if you want to receive messages, you have to setup a service on your server, with a callback url, say http://api.example.com/sms/
Then you setup this callback url in Nexmo. After that, Nexmo will access your server through the callback url, and send parameters via GET method.
And your server receives those info, and response 200 to Nexmo.
is there a way to check if it's really my (signed) applet which requests the webpage on the server?
i'd like to give response only if applet is ours.
would making https request from the applet ensure that they have same origin? is it possible to do without https?
No. You can't trust the client. An adversary can look at what the applet is doing and replicate it. Alternatively, just intercept transferred data or poke around in the applet's memory.
The best you can hope to do is obfuscate. Note, this will end up being much more difficult for you than for the adversary.
I would suggest you use Cryptography, and send a "encrypted" parameter alongwith request. That parameter can be "decrypted" at server side and validated.
The parameter's encrypted representation should be computed dynamically(like Timestamp + ).
I was wondering what the preferred way of sending an image to a webserver from an android application?
I've seen people
opening up sockets and send the actual image data.
base64 encoding it and sending it as a string.
What is the preferred way? Can someone post some examples as well.
Thanks
You could try writing it to an xml file as a base64 string then send it an parse the file on the server and decode the string to an image.
An HTTP Post is probably the easiest way, sending it as multi-part form data. Makes it easier to receive as well (a bog standard web server can handle it!)