This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Filters ! Request URL handling Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Filters ! Request URL handling" Watch "Filters ! Request URL handling" New topic
Author

Filters ! Request URL handling

Awais Bajwa
Ranch Hand

Joined: Jan 16, 2001
Posts: 191
Hello all,
I have a problem with the url parameter sending for my servlet sending Get request. so all the variables are visible in the URL.
like http://server:8080/servlet/Myservlet?param1=90¶m2=20¶m3=50
I want to encrypt these parameters using fitlers so that one could not see them . Is it possible using servelt Fileters.
Regards
Awais Bajwa
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30130
    
150

Awais,
If you just want to make it so the user can't see the parameter values, use "post" instead of "get" for form submission. Then the values won't be in the URL at all.
If you really want to encrypt the parameters over the network, you need to use https. Servlet filters won't help you because the filter takes affect once the request gets to the server, not on the user's machine.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Awais Bajwa
Ranch Hand

Joined: Jan 16, 2001
Posts: 191
THanks Jeanne,
Well i dont want to use Post request, this is my limitation lets say.
Now please tell using https what whould be the benifits?
i dont think that url parameters will be encrypted using https.
lets say http://server:8080/one/servlet/TestServlet?a=90&b=90
I want 'a' and 'b' hidden and not visible in the url, is it possible using https.
?
regards
Awais Bajwa
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30130
    
150

No, https will encrypt the data over the network (for anyone with a packet sniffer.) It will still display in the location bar.
Do you mind if I ask why you don't want to or can't use post? Also, keep in mind that someone can find out that "a" and "b" are your field names just by looking at your source code.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Filters ! Request URL handling
 
Similar Threads
How can i use ActionRedirect using post method
Reading parameters in Servlet passed from Client
is Enumeration act as stack?
Parameters GET after a connection
using double quote in passing parameter