Two Laptop Bag*
The moose likes Servlets and the fly likes Want send username and password in url in some secure manner Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Want send username and password in url in some secure manner" Watch "Want send username and password in url in some secure manner" New topic
Author

Want send username and password in url in some secure manner

sudhanshu agarwal
Greenhorn

Joined: Mar 02, 2010
Posts: 13
Hi,
I have to send username and password in my url in some secure manner so that no one can see that info.I am using post call.Please share some idea.
Thanks
sudhanshu
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60056
    
  65

SSL


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
sudhanshu agarwal
Greenhorn

Joined: Mar 02, 2010
Posts: 13
Bear Bibeault wrote:SSL

Sorry i dont know abt this.
What is this SSL??
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60056
    
  65

What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.
sudhanshu agarwal
Greenhorn

Joined: Mar 02, 2010
Posts: 13
Bear Bibeault wrote:What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.


thanks bear...
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60056
    
  65

If you are using Tomcat, here's the "how to".
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Send to where?
From where?

If you're sending the username and password back to your user's browser SSL may or may not be able to help you.
What exactly are you trying to do?


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
sudhanshu agarwal
Greenhorn

Joined: Mar 02, 2010
Posts: 13
Ben Souther wrote:Send to where?
From where?

If you're sending the username and password back to your user's browser SSL may or may not be able to help you.
What exactly are you trying to do?


Actually i am trying to launch an application fron other application.In this case I have two scenarios..

1. either both application are on same java server
2.or they are on different server

I am sending username and password to retrieve the data from the storage area (u can say a database) to show in my second java application.
If you need some more info than just inform me.

Thanks,
sudhanshu
sudhanshu agarwal
Greenhorn

Joined: Mar 02, 2010
Posts: 13
Bear Bibeault wrote:What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.


I dont think i can use SSL in my aaplication as it need some information to fill and also expiration thing..
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Are you ever sending the username and password to the browser?
sudhanshu agarwal
Greenhorn

Joined: Mar 02, 2010
Posts: 13
Ben Souther wrote:Are you ever sending the username and password to the browser?


each time when i launch application(application launched in browser only) i am sending username and password using post and prob is anyone can see username and password in Browser URL
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

If you're sending the username and password to the browser, nothing is going to make this secure.
Any web user can right click on a page and see the text.

If you're submitting a form and the form's method attribute has a value of "get" then all of the form parameters will get sent as part of the querystring.
"Get" is the default method if no "method" attribute is present.

If you use method="post", then the parameters are not part of the URL. They get send in the body of the request and won't show up in the address widow of the browser.
Without SSL neither is secure. Anyone with a packet sniffer can read everything going over your network.

Even with SSL, there is still the danger that either the user of your application or someone else, if your user walks away from their machine can view the username and password simply by right clicking the page and viewing the source.
sudhanshu agarwal
Greenhorn

Joined: Mar 02, 2010
Posts: 13
Ben Souther wrote:If you're sending the username and password to the browser, nothing is going to make this secure.
Any web user can right click on a page and see the text.

If you're submitting a form and the form's method attribute has a value of "get" then all of the form parameters will get sent as part of the querystring.
"Get" is the default method if no "method" attribute is present.

If you use method="post", then the parameters are not part of the URL. They get send in the body of the request and won't show up in the address widow of the browser.
Without SSL neither is secure. Anyone with a packet sniffer can read everything going over your network.

Even with SSL, there is still the danger that either the user of your application or someone else, if your user walks away from their machine can view the username and password simply by right clicking the page and viewing the source.


So is there any other wayother than ssl for security or we have to implement something else
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You would have to implement something else.
Sending usernames and passwords down to the browser is never a secure way to do (SSO) single sign on.
Alpesh Padra
Ranch Hand

Joined: Jan 10, 2010
Posts: 41
You can encrypttion and decryption mechanism for sending your user name/password.

If your method if get or post. No one can see your plaing username password.

Moreover. i remember once more option. you can encode your URL . I am not sure about it. but you can do some investigation.

Please correct me if i am wrong.
Prabhat Shankar
Greenhorn

Joined: Oct 08, 2009
Posts: 27
Hi,

You can pass encrypted form of user id & password in url.

You can create temporary table in database for storing user id & password which you are sending to other application and instead of sending userID and password you can send the slno from table for that userId and password.
Tell that application to retrieve userID & password from table.




Prabhat Shankar Consumer Court,Consumer Court India,Consumer Complaints,Complaint India, Web Value
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Want send username and password in url in some secure manner
 
Similar Threads
How to access a page with username and password through Java?
JSTL setDataSource syntax secure or not?
Client Side Encryption/ Hashing Technique.
Retrieving Database Username and Password
Ajax Request Query String