Solved

Secure https and servlets

Posted on 2002-06-25
5
293 Views
Last Modified: 2012-05-04
I have a servlet that will be called via https.  I put the base url on the image src so
<img src="http://www.xx.com/info/images/test.gif" ..>

My question is if this is an https ( secure ) site does that mean i have to use https
<img src="https://www.xx.com/info/images/test.gif" ..>
to downloand the images, etc.?

THanks


0
Comment
Question by:borg48
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 92

Expert Comment

by:objects
ID: 7106862
Only if you want https to be used to download the images.
0
 
LVL 1

Expert Comment

by:mraible
ID: 7107874
As objects said, no it is not necessary - your best bet is to use a relative path, i.e. /info/images/test.gif rather than an absolute path with the http:// - this will allow the image to use the same protocol as you're using to access the servet.

If you code your servlet with https:// and your image with https://, your users might get warnings that all elements on the page might not be secure - and this looks bad.

HTH,

Matt
0
 

Author Comment

by:borg48
ID: 7108101
The problem I have is that when I get a servlet and a path for example is htdocs/images/rl/logo.gif

when its a servlet i spit out the page and the img src is src="images/rl/logo.gif" it doesnt seem to find it.
0
 
LVL 1

Accepted Solution

by:
mraible earned 50 total points
ID: 7108121
What is the path you are using to get to your servlet?

If you have it mapped in a web.xml you can use something like the following:

request.getServletContext() + "images/...

0
 
LVL 19

Expert Comment

by:cheekycj
ID: 7108124
mraible is right.

What I usually do is have a global constants that store the full path to the images both secure and non-secure.  If I know a page is always accessed using SSL I use the SSL image path otherwise the non-ssl image path.

Another solution (not a good one) is to always have the images served up over SSL even on non-ssl pages.  This way the users will not see the non-secure warnings on any page.

CJ

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exception creating bean of class 5 219
web service Rest Client creation 4 98
love6 challenge java 31 133
designing in object programming 12 105
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question