Currently, I need send large no of user input parameters to the servlet. (more then 5000) But my ajax post request is giving 400 error bad request header too long.
How to handle this?
I'm taking all user entered parts as an array and passing as below:
var url = "/bin/maxim/legacy/tradecompliance?partNum="+ encodeURIComponent(array);
Related
We have a portal whose POST request parameters are:
access_token, session_id,state
But I don't see any response containing values for the above mentioned parameters at all. Is there any way I can capture it?
If you don't see the values in the response body, the following options remain:
The values are in the URL, i.e. you're redirected at least once and the redirect target contains the values you're looking for in its URL
The values are in the response headers
both locations can be expected using View Results Tree listener and both locations can be queried using i.e. Regular Expression Extractor or Boundary Extractor
The values might come as the result of an AJAX request, JMeter is not a browser and it doesn't execute JavaScript so you will need to manually simulate these calls using individual HTTP Request samplers
The values might be calculated by JavaScript on browser side, if this is the case you will need to replicate the logic using JSR223 PreProcessor and Groovy language
Apparently I was under the misconception that GET and POST methods differ in the sense that the query parameters are put in plaintext as a part of the URL in GET method and the query parameters are THERE IN THE URL IN ENCODED(ENCRYPTED) FORM .
However , I realize that this was a grave misconception . And after going through :
https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9
and after writing a simple socket server in python and sending it both GET and POST (through form submission) and printing the request in server side
I got to know that only in GET the parameters are there in the URL but in POST the parameters are there in the request body .
I went through the following question as well so as to see if there is any difference in sending a GET and POST at lower level (C-Level) :
Simple C example of doing an HTTP POST and consuming the response
So as in the above question above I saw that there is no special encryption being applied to the POST request .
As such I would like to confirm the following :
1.The insecurities associated with GET and POST are only because of the GET method attaching the parameters in the URL .
For somebody who can have the whole request body , both the GET and POST methods are equally vulnerable .
Over the network , both the GET and POST body are sent with the equal degree of encryption applied to them .
Looking forward to comments and explanations.
Yes. The server only gets to know about the URL the user entered/clicked on because it's sent as the data of the request, after (transport) security has been negotiated so it's not inherently insecure:
you type into a browser: https://myhost.com/a.page?param=value
browser does DNS lookup of myhost.com
browser connects to https port 443 of retrieved ip
browser negotiates security, possibly including myhost.com if the server is using SNI certificates
connection is now encrypted, browser sends request data over the link:
GET /a.page?param=value HTTP/1.1
Host: my host.com
(other headers)
//Probably no body data
---- or ----
POST /a.page HTTP/1.1
Host: my host.com
(other headers)
param=value //body data
You can see it's all just data sent over an encrypted connection, the headers and the body are separated by a blank line. A GET doesn't have to have a body but is not prevented from having one. A POST usually has a body, but the point I'm making is that the data sent (param=value) that is relevant to the request (the stuff the user typed in, potentially sensitive info) is included somewhere in the request - either in the headers or the body - but all of it is encrypted
The only real difference from a security perspective is that the browser history tends to retain the full URL and hence in the case of a GET request would show param=value in the history to the next person reading it. The data in transit is secure for either GET or POST, but the tendency to put sensitive data on a POST centres on the "data at rest" concept in the context of the client browser's history. If the browser kept no history (and the address bar didn't show the parameters to shoulder surfers) then either method would be approximately equivalent to the other
Securing the connection between browser and server is quite simple and then means the existing send/receive data facilities all work without individual attention, but it's by no means the only way of securing connection. It would be conceivably possibly not to have the transport do it but instead for the server to send a piece of JavaScript and a public part of a public/private key pair on the page somewhere, then every request the page [script causes the browser to] makes could have its data individually encrypted and even though an interim observer could see most of the request, the data could be secured that way. It is only decryptable by the server because the server retains the private part of the key pair
I have an API sending my app requests, and the Request Payload in my Google Chrome Debugger seems populated with data that should have populated my ActionDispatch Request Parameters, so that within the controller, I could call params, and it would draw the items found in my request payload.
My request payload
stateId=resume&Authorization=&Expires=1427487450®istration%5Fid=3&member%5Fid=1&Signature=wiXiEskkMFTsOQh9vsRg%3D&Content%2DType=application%2Fjson&X%2DExperience%2DAPI%2DVersion=1%2E0%2E1&agent=null&&activityId=http%3A%2F%2F6LHIJumrnmV%5Fcourse%5Fid&content=1k21098100101100002000
So I should be able to call params['stateId'] or params['member_id'], but my params are empty. What process has to happen inbetween the Request Payload ( or simply called Form Data ), and Rails picking it up and distributing those variables as params ?
I know I can get url in mvc using
request.url.query()
but # value is skipped can I find
#abc_xyz
value in url
http://localhost:4032/ShowResults/id#abc_xyz
Is it possible?
some work must be done:
Each time on client side, when hash changes, you should store its value in hidden input.
If this ajax request, then you can store this value in request header or in data property, and on server side analize this data.
If this simple post request to action you can analize request form values for this value.
I want to make an HTTP GET request from my iOS client and place in the request params. I have written code that performs a POST request, where it was very easy to use setHTTPBody to place a NSData* object in the request. How is this done for a GET request?
Thanks
In a GET method the parameters are passed in the query string - so you suffix your URL with something like ?param1=value1¶m2=value2¶m3=value3. You may need to percent-encode your query string if it contains characters like space, & or =