• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 302
  • Last Modified:

Secure https and servlets

I have a servlet that will be called via https.  I put the base url on the image src so
<img src="http://www.xx.com/info/images/test.gif" ..>

My question is if this is an https ( secure ) site does that mean i have to use https
<img src="https://www.xx.com/info/images/test.gif" ..>
to downloand the images, etc.?

THanks


0
borg48
Asked:
borg48
1 Solution
 
objectsCommented:
Only if you want https to be used to download the images.
0
 
mraibleCommented:
As objects said, no it is not necessary - your best bet is to use a relative path, i.e. /info/images/test.gif rather than an absolute path with the http:// - this will allow the image to use the same protocol as you're using to access the servet.

If you code your servlet with https:// and your image with https://, your users might get warnings that all elements on the page might not be secure - and this looks bad.

HTH,

Matt
0
 
borg48Author Commented:
The problem I have is that when I get a servlet and a path for example is htdocs/images/rl/logo.gif

when its a servlet i spit out the page and the img src is src="images/rl/logo.gif" it doesnt seem to find it.
0
 
mraibleCommented:
What is the path you are using to get to your servlet?

If you have it mapped in a web.xml you can use something like the following:

request.getServletContext() + "images/...

0
 
cheekycjCommented:
mraible is right.

What I usually do is have a global constants that store the full path to the images both secure and non-secure.  If I know a page is always accessed using SSL I use the SSL image path otherwise the non-ssl image path.

Another solution (not a good one) is to always have the images served up over SSL even on non-ssl pages.  This way the users will not see the non-secure warnings on any page.

CJ

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now