This week's book giveaway is in the Other Open Source APIs forum. We're giving away four copies of Storm Applied and have Sean Allen, Peter Pathirana & Matthew Jankowski on-line! See this thread for details.
Awais, If you just want to make it so the user can't see the parameter values, use "post" instead of "get" for form submission. Then the values won't be in the URL at all. If you really want to encrypt the parameters over the network, you need to use https. Servlet filters won't help you because the filter takes affect once the request gets to the server, not on the user's machine.
THanks Jeanne, Well i dont want to use Post request, this is my limitation lets say. Now please tell using https what whould be the benifits? i dont think that url parameters will be encrypted using https. lets say http://server:8080/one/servlet/TestServlet?a=90&b=90 I want 'a' and 'b' hidden and not visible in the url, is it possible using https. ? regards Awais Bajwa
author & internet detective
No, https will encrypt the data over the network (for anyone with a packet sniffer.) It will still display in the location bar. Do you mind if I ask why you don't want to or can't use post? Also, keep in mind that someone can find out that "a" and "b" are your field names just by looking at your source code.