Solved

Secure https and servlets

Posted on 2002-06-25
5
290 Views
Last Modified: 2012-05-04
I have a servlet that will be called via https.  I put the base url on the image src so
<img src="http://www.xx.com/info/images/test.gif" ..>

My question is if this is an https ( secure ) site does that mean i have to use https
<img src="https://www.xx.com/info/images/test.gif" ..>
to downloand the images, etc.?

THanks


0
Comment
Question by:borg48
5 Comments
 
LVL 92

Expert Comment

by:objects
Comment Utility
Only if you want https to be used to download the images.
0
 
LVL 1

Expert Comment

by:mraible
Comment Utility
As objects said, no it is not necessary - your best bet is to use a relative path, i.e. /info/images/test.gif rather than an absolute path with the http:// - this will allow the image to use the same protocol as you're using to access the servet.

If you code your servlet with https:// and your image with https://, your users might get warnings that all elements on the page might not be secure - and this looks bad.

HTH,

Matt
0
 

Author Comment

by:borg48
Comment Utility
The problem I have is that when I get a servlet and a path for example is htdocs/images/rl/logo.gif

when its a servlet i spit out the page and the img src is src="images/rl/logo.gif" it doesnt seem to find it.
0
 
LVL 1

Accepted Solution

by:
mraible earned 50 total points
Comment Utility
What is the path you are using to get to your servlet?

If you have it mapped in a web.xml you can use something like the following:

request.getServletContext() + "images/...

0
 
LVL 19

Expert Comment

by:cheekycj
Comment Utility
mraible is right.

What I usually do is have a global constants that store the full path to the images both secure and non-secure.  If I know a page is always accessed using SSL I use the SSL image path otherwise the non-ssl image path.

Another solution (not a good one) is to always have the images served up over SSL even on non-ssl pages.  This way the users will not see the non-secure warnings on any page.

CJ

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now