Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

request.setAttribute() visibility

Status
Not open for further replies.
pr0n603

pr0n603

Programmer
Dec 14, 2004
23
0
0
US
This might seem like a really stupid question....

Is the data transfered through HttpServletRequest.setAttribute(String, Object) and HttpServletRequest.getAttribute(String) visible to traffic outside the web server. Meaning, are these objects transfered through URL rewritting/cookies or are they just within the java application. Basically, can i pass sensitivy data through these methods w/o compromising security?

My guess is yes....any opinions?

Thanks!
 
Sort by date Sort by votes
Any data contained within the HttpSession object is purely on the server, and never transmitted to the client. The only thing relating betweeen the HttpSession object and the client is the JSESSIONID cookie, which links the server based HttpSession object, and the particular browser this relates to - not any data - just the id, if you like.

Click here to learn Ways to help with Tsunami Relief
--------------------------------------------------
Free Database Connection Pooling Software
 
Upvote 0 Downvote
Im talking about HttpServletRequest not HttpSession
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pranavsingh
  • Locked
  • Question
Data visibility across weblogic and jdbc connection
Replies
5
Views
16
pranavsingh
pranavsingh

Part and Inventory Search

Sponsor

Back
Top