aspose file tools*
The moose likes JSP and the fly likes How to hide the parameters in the URL?? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "How to hide the parameters in the URL??" Watch "How to hide the parameters in the URL??" New topic
Author

How to hide the parameters in the URL??

Deepa Balasubramanayam
Ranch Hand

Joined: Mar 29, 2001
Posts: 39
Hi,
I am calling a jsp program passing some parameters and in the URL I am seeing those parameters. If I change the parameter value at URL address and refresh the page , it pulls back the information of the newly enter parameter. I feel it is not a secured one.
Please suggest me ideas to hide parameters in the URL or any secured way of coding.
Thanks
Deepa.
prabhat kumar
Ranch Hand

Joined: Apr 11, 2001
Posts: 114
use post method in the form , default is get so u always see the parameters in the url.
<form action="some.jsp" method="post">
Deepa Balasubramanayam
Ranch Hand

Joined: Mar 29, 2001
Posts: 39
Thanks for your reply prabhat kumat. But I have a different problem. Here is the coding
<a href="http://localhost:8080/RegSearch.jsp?primaryRegId=<%= primaryRegId %>" target=_top>
View All Registered User </a>
On clicking "View All Registered User " Hyperlink the following URL is displayed in the Address field.
"http://localhost:8080/RegSearch.jsp?primaryRegId=20001"
If I change the primaryRegId to 30909 instead of 20001 in the URL address and refresh the page it brings back the information of the other user 30909, which is not secured.
Could you please let me know how to avoid this?
Thanks
Deepa
prabhat kumar
Ranch Hand

Joined: Apr 11, 2001
Posts: 114
however it is not a directly rerlated to jsp but rather javascript. however this is how this can be done.
define these function in head section of html.

in html form u have to do ..

[ February 24, 2002: Message edited by: prabhat kumat ]
[ February 24, 2002: Message edited by: prabhat kumat ]
bill williams
Ranch Hand

Joined: Jan 15, 2002
Posts: 94
any better way to do this?


Yet Another SCJP2
prabhat kumar
Ranch Hand

Joined: Apr 11, 2001
Posts: 114
i don't think so . coz for hiding the parameters u need to use the post method.
Deepa Balasubramanayam
Ranch Hand

Joined: Mar 29, 2001
Posts: 39
Hi prabhat,
I tried out your coding , But if I click the Hyperlink nothings is happaning.
I could not copy the html here, because it gives error.
Can I email you the coding?
Thanks
Deepa
prabhat kumar
Ranch Hand

Joined: Apr 11, 2001
Posts: 114
sure u can.
mail id is prabhatis@yahoo.com
..
Sita Kotamraju
Ranch Hand

Joined: Nov 30, 2001
Posts: 60
If you use sessions, you can put the id in the session, right?
Deepa Balasubramanayam
Ranch Hand

Joined: Mar 29, 2001
Posts: 39
Hi Sita,
I am not much familiar with session concepts. Could you send me some sample coding or any site address that has tutorial for sessions.
Thanks
Deepa
prabhat kumar
Ranch Hand

Joined: Apr 11, 2001
Posts: 114
it is easy.
all u have to do is ..
setting a session var.

in the next page in same session u can get it like this.

and i will reply ur mail a bit late. as it is 5.30 now and i have to get ready for the office
Sita Kotamraju
Ranch Hand

Joined: Nov 30, 2001
Posts: 60
Deepa,
Here is a url for the session management it is part of the J2EE tutorial.
Good Luck,
Sita
john wu
Greenhorn

Joined: Nov 27, 2001
Posts: 7
I dont think using session is a closer solution for the question. session can be used only in same server, but when two jsps live in different server, can you still user session to 'transfer' your data?
I think maybe using hidden field is a way some time and is a closer answer to the question.
Criz Punzalan
Greenhorn

Joined: Oct 24, 2003
Posts: 1
have the same problem (hiding hyperlink parameter). was there a simple solution to this. have a listing of IDs from one page and using hyperlink to pass ID for database search to the second page. the value shows up in the URL and can be manipulated to pull different data. tried adding a form with post, but didn't know how to capture selected value from the hyperlink tags (without creating an array of hidden input type).
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to hide the parameters in the URL??