• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Encrypting the Query String!

Anirban Chowdhury
Ranch Hand
Posts: 36
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All Ranchers,

Struts Version :
Objective : To encrypt the queryString passed as URL params.

Eg. https://localhost:8443/T/dLoadAction.do?id_=567&discr=P
should be changed to https://localhost:8443/T/dLoadAction.do?enc=126938adjkdak78133189
or likewise.

1: I am already using https to prevent sniffing from outside, but here I am worried about the insiders poking into
somebody else's domain by tampering the id_ parameter etc.

2. I cannot use POST in these cases. ( And anyway they can also be tracked from the headers)

Note the below 2 cases : 1st one is a redirect from a saveAction to prevent duplicate transaction on refresh

a> In my struts.xml I have the below setup

b> In my Menu.jsp, I have the following

Can anybody please help me in this regard? I have fiddled a lot with the options which Google provided me, like
modifying the s:url / s:param to encrypt the params.
I also fiddled with ParametersInterceptor.
I tried that as well and many other things,but still none of them
work satisfactorily. Can somebody please shed some light on how this can be done?
This is a bit critical so I would really really .. really (yeah, 1 more to "really" show how I feel at the moment :banghead
appreciate if anybody could help me in this regards.

Thanks a lot for your time in advance.

P.S: I am also trying to implement an authorization mechanism which will enable me to track is somebody is trying to access any data which does not belong to him.
This involves a database querying for the logged in user and seeing to which entities he is actually tagged to. This will probably always work, but it becomes a maintenance nightmare,as we have to keep updating the query for any new types added and not to mention the multilevel querying for admins and so on.

It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic