We use Sun One Portal server that allows for single sign-on for the users to multiple applications. In one of the applications, the user will request for an Actuate e.Report after providing input parameters in a JSP page.
An URL will be formed with a given input which calls the Actuate report's execute command. The requirement is to hide this URL as it contains sensitive information. One way I have thought about and which also works is to submit the request to a servlet and the servlet will do response.sendRedirect(url). This acheives what we want. Since this is a portal application, the URL is not displayed in the address bar.
What I want to know is that if there is a better way to acheive URL obfuscation?
Hiding the URL will only keep it from casual eyes who are not the people you are worried about. Those from which you are really trying to protect this sensitive data know how to sniff out such information.
The only way to truly protect the data is with encryption.