I was thinking about that topic, and I am a little bit confused. I am using SSL. Here is the story:
- The user clicks on the button "Give me X"
- Service 1 receives it, gets userName from the session and sends a GET to Service 2, passing userName as a URL parameter
- Service 2 receives it and sends the response with some data.
- Service 1 receives it and sends that data back to the user.
Service 1 and 2 are on the same machine and use the same web container (Tomcat, for example).
I found that sending a request directly from the user (he can see the destination URL) is not safe, but I did not find anything about "forwarding". Is it safe?
And I know that there are a lot of better solutions, but this question is purely hypothetical ;)