Client's queries to the Server are shown in the URL : what can I do to avoid that?

Question

I've written a Bank application in java , the server side uses Mysql & JSP pages .

When I pass queries from the client side to the server side , the inputs that I entered are shown in the URL address .

For example :

enter image description here

As you can see , the username and password are shown in the address bar .

I want to avoid that .

What would be the best approach to accomplish that ?

FYI : The screen shots are from inside Eclipse J2EE.

This project is pretty big , so if some code is needed , please say which is needed and I'd attach it.

Use POST. But also when you actually put this on the web, if it ever happens, you'll want to buy an SSL certificate. Even with POST the password is sent plaintext unless you are going through the SSL protocal `https://` — developerwjk, Mar 25 '14 at 21:49
I doubt it's ever going to go on the internet - if you check his profile, he's a student. I remember doing this same assignment in one of my classes. :) — aehiilrs, Mar 27 '14 at 17:26

score 4 · Accepted Answer · answered Mar 25 '14 at 21:51

Probably you are passing data using the GET HTTP method.

In order to avoid viewing form parameters in the URL's querystring, make sure to set the attribute method="post" inside the form tag, in this way:

<form action="Bank/loginPage" method="post">
    <!-- form input fields -->
</form>

score 2 · Answer 2 · edited May 23 '17 at 11:57

2

Use POST Use SSL (https) Familiarize yourself with cookies, session, etc. Look here: Spring Security Authentication using RestTemplate

edited May 23 '17 at 11:57

Community

answered Mar 25 '14 at 21:54

Alexandre Santos

Gud answer , this should rather be the correct answer , +1 for the link you have shared – Santhosh Mar 26 '14 at 04:13

2 Answers2