wood burning stoves 2.0*
The moose likes JSP and the fly likes URL Encoding Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » JSP
Bookmark "URL Encoding" Watch "URL Encoding" New topic
Author

URL Encoding

Sandeep Singh Kunwar
Ranch Hand

Joined: Feb 27, 2006
Posts: 52
Hi guys!!
I think my prob is a common one, but i dint found any satisfactory answer.

Here its:
We developed a application in JSP mainly without following MVC(surprisingly). It shows all the URL's straight forward. Which i am assigned to change, as any one can alter the URL and access things.
Now i want to use any sort of URL Encoding. Like most of the standard sites are using some sort of URL encoding. But i dont have any idea for that. If u guys can help in any way.

I am also interested in knowing, how much of rework will be needed, if any idea.
Thanks in advance


OfCourse Learner...<br />SCJP 5, SCWCD1.4<br />Blogs: <a href="http://sandeepkunwar.blogspot.com" target="_blank" rel="nofollow">http://sandeepkunwar.blogspot.com</a>
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61315
    
  66

If I understand what you are after, "URL encoding" is not the correct term. URL encoding is the process of encoding the individual characters in a URL for transmission.

If I am correct in my guess, you are looking for tips on "URL mapping" -- where your URLs do not directly address physical resources.

One way to do this is to employ the use of a Front Controller. Lots of info on this available on the web, and if you're patient, will be a topic in the next edition of the JR Journal.

It's also possible to simply define a bunch of mappings in the deployment descriptor, but that get pretty unwieldly very quickly, even for small web apps.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Sandeep Singh Kunwar
Ranch Hand

Joined: Feb 27, 2006
Posts: 52
Yes Bear Bibeault!!

U r right, URL Encoding doesn't looks appropriate. I think URL Encryption or something else may look fine.

"URL mapping" to directly address physical resources. - ya its one of the prob, but it includes encryption of parameters while moving.

Can u plz elobaorate this "Front Controller." - surely i m searching net for this.
JR Journal. - now i am eager for that edition
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61315
    
  66

Sandeep, please read this as well.
Sandeep Singh Kunwar
Ranch Hand

Joined: Feb 27, 2006
Posts: 52
I read that article and i m sorry bear, well in future surely i will take care for my wordings(Im still learning).
But even now my problem is unsolved.
i will try to reframe it.

Actully i want to know, how sites like myspace.com or yahoo etc uses this sort of encryption:
http://viewmorepics.myspace.com/index.cfm?fuseaction=user.viewPicture&friendID=4603710&MyToken=dac1874-0c04-499e-8317-0312cdf38ee
http://us.f343.mail.yahoo.com/ym/login?.rand=a6fhagb4prut4

which makes URL difficult to analyze and break i think ?

i will be gratefull to any sort of help.
Thanks in advance!!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61315
    
  66

While it's not clear what those sites are doing, encrypting the values you pass on a URL is often a good idea. Exposing primary keys to your database data is particularly poor.

We have a forum for security where you might get some ideas for encrypting the individual request parameter values.
 
GeeCON Prague 2014
 
subject: URL Encoding