Often a url parameter contains the id/guid of an object that one
wishes to access. i.e.,
http://.../servlet/Test?GUID="25IUYEUEU" is there a way to secure these parameters passed. Currently
we encrypt the GUID on a per session basis and then pass it on
the URL, the recieving
servlet then decrypts the GUID and then uses it. The concern is that because the encryption is session]
based, one could use the same encrypted key through out the session to access other parts of the application.
Is there a cool way to this...?