I am passing parameters in my url like this:
<html:form action="/record/details.do?judgmentTypeCode=PD&judgmentSequenceNumber=247551&judtNumberYear=3">
//other fields
<html:submit> Submit </html:submit>
</html:form>
The query string data judgmentTypeCode, judgmentSequenceNumber and judtNumberYear are confidential and I don't want their values to be shown in the url. How do I accomplish that? I want to pass values in url query string but at the same time I want them to be hidden or in an unrecognizable encoded format so that the url is shown in
So I want to write a wrapper method in my Request processor (I am using struts) which would encode/decode the url query string values after the ".do" part. I want to do that in RequestProcessor because RequestProcessor processes every request. (not sure if that's a good idea)
The GOAL is, the user should not see the query string values in the url no matter what.
That's what I have in mind. I am not sure if I am going in right direction. If anyone has better ideas, I will greatly appreciate if you can share it with me.
Thanks J
Dom Lassy
Ranch Hand
Joined: May 05, 2006
Posts: 181
Make them hidden form fields.
jay roy
Ranch Hand
Joined: Nov 16, 2006
Posts: 145
unfortunately that's not an option. the values are not hardcoded, they are generated dynamically, for instance
<html:form action="/record/details.do?judgmentTypeCode=<c:out value=${'type.code'}/>&judgmentSequenceNumber=<c:out value=${'judgmentSequence.Number'}/>">
In <c:out value=${'judgmentSequence.Number'}/>, judgmentSequence.Number is a dynamic value which i am getting from value-object 'judgmentSequence'
moreover, if i want to pass say 10 or 20 values in query string, i don't want to use 10 or 20 hidden fields, it makes the jsp page crappy. I have to pass values in URL, passing them as hidden fields or putting them in session is unfortunately not an option.
thanks J
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35221
the values are not hardcoded, they are generated dynamically, for instance
I don't understand why that makes a difference. The JSP doesn't care whether it outputs values that are part of an URL, or which go into a form field.
if i want to pass say 10 or 20 values in query string, i dont want to use 10 or 20 hidden fields, it makes the jsp page crappy.
Having 20 form fields is not unusual. Having 20 URL parameters is very unusual. Better to have a crappy JSP page (although I'm not sure why you'd think that) than to have a crappy URL.
[ March 06, 2007: Message edited by: Ulf Dittmer ]
I agree that hidden form fields would be much cleaner than putting all the values on the url, but you seem to be against that. In any case hidden fields are not very secure or private because they can easily be changed using simple tools and the value can be seen in the html source.
I read through an article at the site linked. It seems like it might do what you need.
- Brent
jay roy
Ranch Hand
Joined: Nov 16, 2006
Posts: 145
thanks everybody, appreciate your input
yes hidden fields is an option but the most common way i feel is passing values in url, so i just want to keep passing values in url but make it secure.
>>>In any case hidden fields are not very secure or private
yes, that's very true and url query string values are vulnerable too, that's why i wanna secure them.
very interesting link brent. did you download and implement that, just want to hear some reviews before i download.
thanks once again guys J
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35221
the most common way i feel is passing values in url
But it's not - certainly not for 20 parameters. Where do you ever see URLs with so many parameters?
but make it secure
In terms of security and/or privacy both methods are equal. Use HTTP authentication and/or HTTPS if you're concerned about that.
jay roy
Ranch Hand
Joined: Nov 16, 2006
Posts: 145
>>>But it's not - certainly not for 20 parameters. Where do you ever see URLs with so many parameters?
that was just an example. Don't take it literally. brent's link is awesome, just what i want.