
How to pre-populate a form from a web app on a different server

I have Web Application A on Server A that links to Web Application B on Server B. I'm linking to a form that I want to pre-populate with data from Web Application A. So:

Web App A --Links to form and sends data for pre-population--> Web App B

Since they're on separate servers I unfortunately can't just plop something into Session, so I'm going to have to be a little more creative. I'm considering a few different options and I'm looking for the simplest of those solutions. Any suggestions?

Here are a few options I'm considering:

  • Pass the form data in the link via query string parameters. This seems simple enough, is this legit to do? Or is it a security concern? I'd be passing about 8 parameters, the most sensitive being e-mail address and address. This would all be over SSL.
  • Similarly, I could pass the data as POST parameters.
  • Web App A writes a cookie, Web App B reads the data from the cookie. (This seems like more of a security concern than passing as GET or POST parameters)
  • I could share an object via JNDI to use for prepopulation. Then I guess I could pass a unique ID on the query string which Web App B could use to pick up the object. This seems like it might be "overkill" and I'm not sure how this would work.
  • I could store the data in a database against a unique ID, pass the unique ID on the query string, then pick it up in Web App B from that same database. Again, this might be "overkill".

Any thoughts? Or is there a better solution that I don't have listed?

In my opinion, GET parameters are the simplest approach, and I don't think there are any significant security concerns.

You should assume anything that web app A puts in the redirect can be read/stolen/modified/spoofed before it gets to web app B (unless you are using SSL on both app A and B). If this isn't a problem then putting the params on the redirect URL should do you fine.

A secure way would be for app A to generate a unique ID (non-guessable and short-lived) and to store the info against this ID. The ID is passed with the request to app B. Server B then accesses the data from server A using the ID in a private secure way, for example by calling a web service on server A that is not publicly accessible.
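The ID-based handoff described in the answer above, sketched in Python as an added example that is not part of the original question or answers: app A stores the form data against a random ID with an expiry, and app B redeems the ID over the private channel. The class and function names, the 60-second lifetime, the `handoff` parameter, the placeholder URL and the single-use behaviour are assumptions made for this illustration.

```python
import secrets
import time


class HandoffStore:
    """App A side: holds form data against a short-lived, non-guessable ID."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # id -> (expires_at, data)

    def issue(self, form_data):
        """Store the data and return the ID that goes on the link to app B."""
        self._purge()
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._entries[token] = (self._clock() + self._ttl, dict(form_data))
        return token

    def redeem(self, token):
        """Called by app B over the private channel. Returns the data once,
        or None if the ID is unknown, expired or already used."""
        entry = self._entries.pop(token, None)  # pop: assumed single-use policy
        if entry is None:
            return None
        expires_at, data = entry
        if self._clock() >= expires_at:
            return None
        return data

    def _purge(self):
        """Drop expired entries so abandoned links do not accumulate."""
        now = self._clock()
        for token in [t for t, (exp, _) in self._entries.items() if exp <= now]:
            del self._entries[token]


def demo():
    """Constructed sample data; the URL and field names are placeholders."""
    now = [0.0]  # fake clock so expiry can be shown without sleeping
    store = HandoffStore(ttl_seconds=60, clock=lambda: now[0])
    data = {"email": "user@example.com", "address": "1 Example Street"}
    token = store.issue(data)
    link = "https://app-b.example/form?handoff=" + token  # only the ID travels
    first = store.redeem(token)    # app B fetches the data
    replay = store.redeem(token)   # same ID presented a second time
    late_token = store.issue(data)
    now[0] += 61                   # link followed after the lifetime has passed
    late = store.redeem(late_token)
    return link, first, replay, late
```

With this layout the e-mail address and postal address never appear in the URL, browser history or referrer; a copied link yields nothing once the ID has been redeemed or has expired.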
