Saturday, 31 October 2015

What are the potential security issues in this website's code?

Suppose this code.

HTML

<!-- jQuery is assumed to be loaded on the page; the script below relies on $ -->
<form>
    <input name="username" type="text">
    <input name="password" type="password">

    <input type="button" value="submit">
</form>

<div class="content" style="display: none;">
    <!-- 
         Stuff supposed to be seen and used by logged-in users exclusively
         (e.g. leave a comment).
         Let's say the current user is stored into session by means of a Bean.
    -->
</div>

JAVASCRIPT

var username = $("input[name='username']");
var password = $("input[name='password']");
var button = $("input[type='button']");
var content = $(".content");

// Reveal the hidden block only when the servlet answers "success".
// This check runs in the browser, on markup that has already been delivered.
var execute = function(responseText)
{
    if(responseText == "success")
        content.css("display", "block");
};

// On click, POST the credentials to the servlet and hand its reply to execute.
button.on("click", function()
{
    $.post("Servlet", { username: username.val(), password: password.val() }, execute);
});

SERVLET

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Mapped to the URL "Servlet" that the client posts to (mapping not shown here).
public class Servlet extends HttpServlet
{
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) 
    throws ServletException, IOException
    {
        final String user = request.getParameter("username");
        final String password = request.getParameter("password");

        // The class DBStuff offers static methods to query a database with.
        // On a good password the body is the literal string "success";
        // otherwise an empty 200 response goes back.
        if(DBStuff.canLogin(user, password))
            response.getWriter().write("success");
    }
}

I'm a newcomer to web development and am coding a mock web site just to get some practice. I've structured my HTML, JavaScript and servlets just as above and was wondering what kind of security issues this design might expose, if there are any.

Can you help me detect them, and provide an explanation as well?

Thank you for your attention.
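The weakness that is visible in the code as posted is that the "logged-in only" markup is already inside every visitor's page and is merely hidden with CSS; the servlet's reply is only a hint to the browser, and anyone can type `$(".content").show()` in the console, or set the style by hand, without ever calling the servlet. The servlet shown also records nothing about the login on the server side, so nothing ties a later request (posting the comment, say) to the fact that a login once succeeded; if the Bean mentioned in the HTML comment is filled in elsewhere, that is still the code that has to be consulted on every protected request. The following is an added example written for this page, not code from the question: a hardened pair of servlets in which the server records the login in the session and writes the protected fragment to the response only when the session holds a user. `DBStuff.canLogin` is assumed to exist exactly as the question describes it (static, returns a boolean); the URL mappings `/Login` and `/Content`, the class names and the fragment text are hypothetical.

```java
// LoginServlet.java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical hardened version of the question's Servlet. DBStuff.canLogin
// is assumed to exist as the question describes it (static, returns boolean).
@WebServlet("/Login")
public class LoginServlet extends HttpServlet
{
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException
    {
        final String user = request.getParameter("username");
        final String password = request.getParameter("password");

        if (user == null || password == null || !DBStuff.canLogin(user, password))
        {
            // One failure status for every cause: the browser learns only that
            // the login did not succeed, not which field was wrong.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Discard any session that existed before authentication and start a
        // fresh one, so a session id planted in the browser before login cannot
        // be promoted to a logged-in session (session fixation).
        HttpSession old = request.getSession(false);
        if (old != null)
            old.invalidate();
        HttpSession session = request.getSession(true);
        session.setAttribute("user", user);

        // Nothing about the protected content is in this reply; the browser
        // only learns that it may now ask for it.
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}

// ContentServlet.java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Serves the fragment that the question's HTML ships to everyone behind
// display:none. Here it is written to the response only when the session
// carries an authenticated user; an anonymous request gets 401 and no markup.
@WebServlet("/Content")
public class ContentServlet extends HttpServlet
{
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException
    {
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user == null)
        {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        response.setContentType("text/html;charset=UTF-8");
        response.setHeader("Cache-Control", "no-store");
        // Hypothetical constant fragment standing in for the comment form.
        // It deliberately contains no user-supplied text, so nothing here
        // needs HTML escaping.
        response.getWriter().write("<p>Logged in as a member. Leave a comment below.</p>");
    }
}
```

On the client, the `.content` div would start out empty, and `execute` would fetch the fragment after a successful login, for example with `$.get("Content", function(html) { content.html(html).show(); })`, instead of flipping a style on markup that is already there. The same session check has to guard every servlet that acts on behalf of the user (the one that stores the comment, for instance), not only the one that renders the fragment: hiding or showing elements in the browser is presentation, and only the server can enforce authorization.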



