This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JSP and the fly likes how do i encrypt/decrypt query string. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "how do i encrypt/decrypt query string." Watch "how do i encrypt/decrypt query string." New topic
Author

how do i encrypt/decrypt query string.

hasan khan
Ranch Hand

Joined: Aug 04, 2003
Posts: 222

how do i encrypt/decrypt query string.


SCJP, SCWCD
Reza Ravasizadeh
Ranch Hand

Joined: Jun 08, 2004
Posts: 177
If with query String you mean HTTP request/response body, I think (not sure) the only way is to use HTTPS


Reza
hasan khan
Ranch Hand

Joined: Aug 04, 2003
Posts: 222

i already have HTTPS for my website, but what about the links such as https://www.mywebsite.com/myservlet.do?custid=786&orderid=1234&someOtherImportantParameter=5678

i dont want user to modify the value for custid, orderid and try to access someone else information.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41161
    
  45
You should only allow such operations for authenticated users, so that you can check whether the orderid should properly be accessible by the user in question.

If you really want to, you could use JCE for encrypting the query string, but that's not the proper solution to your problem - authentication is.
[ June 01, 2006: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
hasan khan
Ranch Hand

Joined: Aug 04, 2003
Posts: 222

i appreciate your alternative suggestions, but i am simply looking to encrypt/decrypt query string. i have searched on google, but i got some paid ones, i am looking for some free one which i can use in jsp.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41161
    
  45
I'm not sure what you mean by "paid ones" and "free ones", but JCE can be downloaded from java.sun.com.
hasan khan
Ranch Hand

Joined: Aug 04, 2003
Posts: 222

ok, do u have any simple example of encrypting/decrypting a String using JCE
Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
You can't prevent people from sending corrupt data over http, whether using http or https.
The https encryption is purely to deter snooping of the data in transit.

If you don't trust your users, use heavy serverside validation in combination with https post requests in order to make it as hard as possible for them to do something nasty.


42
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41161
    
  45
Originally posted by hasaN khaN:
ok, do u have any simple example of encrypting/decrypting a String using JCE


Did you miss the link in my earlier post? That's as bare-bones as it gets.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how do i encrypt/decrypt query string.
 
Similar Threads
Java and Javascript intearaction
Java and Javascript intearaction
Java and Javascript intearaction
encryption
Encryption-decryption file problem