File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes Encrypt URL parameters Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Encrypt URL parameters" Watch "Encrypt URL parameters" New topic
Author

Encrypt URL parameters

Akshay D Joshi
Greenhorn

Joined: Aug 04, 2011
Posts: 9
Hi, I am working on jsp-Servlet application.
I want to encrypt url parameters at client side as soon as form is submitted as url can be viewed by intruders in between network of client and server .
Also url parameters should be decrypted at server side .
what technology to use?

javascript encryption is there ,but how to use it.?

Example

Actual URL:
www.mysite.com/Company?compID=111&compLoc=India

encrypted URL:
www.mysite.com/Company?compID=HTUf43HGFYG&compLoc=JHFTF42KJBYU
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29248
    
139

Before even thinking about doing your own encryption:
1) You should use a form post so the method parameters aren't in the URL at all.
2) You should consider HTTPs so the data is really encrypted.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60056
    
  65

If you do not need to encrypt the values for the end users, but are just worried about during transmission, just use SSL as Jeanne suggested.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Akshay D Joshi
Greenhorn

Joined: Aug 04, 2011
Posts: 9
Thanks for the replay..
Yes i know the SSL but in our product it is already implemented..
My seniors want to make it in some other way..
So i thought only of javascript encryption...
Anyway .. i will research some more about it..

Thanks alot
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60056
    
  65

Why?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
If your "seniors" consider SSL insufficient, then they should have an idea of why that is, no? They should spell out clearly what kind of attack they're trying to guard against that SSL doesn't (or can't).


Ping & DNS - updated with new look and Ping home screen widget
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Encrypt URL parameters
 
Similar Threads
how to model person and company?
URL Encryption
servlet mapping clarification
Encryption-decryption file problem
Reading parameters in Servlet passed from Client