• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

encrypt the query string in java

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
what is the best way to encrypt the query string in java..
 
Ranch Hand
Posts: 263
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

samuel soundra rajan wrote:what is the best way to encrypt the query string in java..



Do you mean encode instead of encrypt?
By Query String are you referring to the query string part of a URL?
 
samuel soundra rajan
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i want to encrypt the query string..
ex:
//sample.jsp?uid=101&mode=read

now i need to encrypt the "uid=101&mode=read"
i dont want to display the secure data in the url..

 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Instead of encrypting the complete string I'd just encrypt any sensitive values. That way the servlet container still knows what to do with it.

The Java API for encryption is called JCE, and you'll many links regarding it (including code examples) in the Security FAQ.
 
author
Posts: 23951
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Another option would be to switch to using POST forms -- instead of GET. And using https.

Henry
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Another option would be to switch to using POST forms -- instead of GET. And using https.


I'm guessing that the objective here is to hide the values from the web app user.
 
Henry Wong
author
Posts: 23951
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:I'm guessing that the objective here is to hide the values from the web app user.



Yeah... my suggestion assumes the reasoning for the encryption (in the first place) is to hide the values from the user and anyone seeing the network traffic.

Henry
 
Rancher
Posts: 4803
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Henry Wong wrote:Another option would be to switch to using POST forms -- instead of GET. And using https.


Yes, but more fundamentally, never trust anything from the client.

Its much more secure to send a random nonce to the user, put it in a hidden field. Use the nonce in your server to index into a HashMap to get whatever data you need.

Using POST and HTTPS is good, but still implies that you are trusting the client software. And it may not be what you think it is.
 
I didn't say it. I'm just telling you what this tiny ad said.
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic