Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Secure https and servlets

Posted on 2002-06-25
5
Medium Priority
?
299 Views
Last Modified: 2012-05-04
I have a servlet that will be called via https.  I put the base url on the image src so
<img src="http://www.xx.com/info/images/test.gif" ..>

My question is if this is an https ( secure ) site does that mean i have to use https
<img src="https://www.xx.com/info/images/test.gif" ..>
to downloand the images, etc.?

THanks


0
Comment
Question by:borg48
5 Comments
 
LVL 92

Expert Comment

by:objects
ID: 7106862
Only if you want https to be used to download the images.
0
 
LVL 1

Expert Comment

by:mraible
ID: 7107874
As objects said, no it is not necessary - your best bet is to use a relative path, i.e. /info/images/test.gif rather than an absolute path with the http:// - this will allow the image to use the same protocol as you're using to access the servet.

If you code your servlet with https:// and your image with https://, your users might get warnings that all elements on the page might not be secure - and this looks bad.

HTH,

Matt
0
 

Author Comment

by:borg48
ID: 7108101
The problem I have is that when I get a servlet and a path for example is htdocs/images/rl/logo.gif

when its a servlet i spit out the page and the img src is src="images/rl/logo.gif" it doesnt seem to find it.
0
 
LVL 1

Accepted Solution

by:
mraible earned 200 total points
ID: 7108121
What is the path you are using to get to your servlet?

If you have it mapped in a web.xml you can use something like the following:

request.getServletContext() + "images/...

0
 
LVL 19

Expert Comment

by:cheekycj
ID: 7108124
mraible is right.

What I usually do is have a global constants that store the full path to the images both secure and non-secure.  If I know a page is always accessed using SSL I use the SSL image path otherwise the non-ssl image path.

Another solution (not a good one) is to always have the images served up over SSL even on non-ssl pages.  This way the users will not see the non-secure warnings on any page.

CJ

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Following on from our article on "The Murky World of Consent and opt in", we thought we would issue some helpful guidance, not only on consent itself but knowing what information you are capturing, what you are doing with this data and how you can p…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Screencast - Getting to Know the Pipeline
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question