Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Encrypting the Query String!

 
Anirban Chowdhury
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All Ranchers,

Struts Version : 2.2.1.1
Objective : To encrypt the queryString passed as URL params.

Eg. https://localhost:8443/T/dLoadAction.do?id_=567&discr=P
should be changed to https://localhost:8443/T/dLoadAction.do?enc=126938adjkdak78133189
or likewise.

1: I am already using https to prevent sniffing from outside, but here I am worried about the insiders poking into
somebody else's domain by tampering the id_ parameter etc.

2. I cannot use POST in these cases. ( And anyway they can also be tracked from the headers)

Note the below 2 cases : 1st one is a redirect from a saveAction to prevent duplicate transaction on refresh

a> In my struts.xml I have the below setup

b> In my Menu.jsp, I have the following



Can anybody please help me in this regard? I have fiddled a lot with the options which Google provided me, like
modifying the s:url / s:param to encrypt the params.
I also fiddled with ParametersInterceptor.
I tried that as well and many other things,but still none of them
work satisfactorily. Can somebody please shed some light on how this can be done?
This is a bit critical so I would really really .. really (yeah, 1 more to "really" show how I feel at the moment :banghead
appreciate if anybody could help me in this regards.

Thanks a lot for your time in advance.
Anirban.


P.S: I am also trying to implement an authorization mechanism which will enable me to track is somebody is trying to access any data which does not belong to him.
This involves a database querying for the logged in user and seeing to which entities he is actually tagged to. This will probably always work, but it becomes a maintenance nightmare,as we have to keep updating the query for any new types added and not to mention the multilevel querying for admins and so on.








 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic