Win a copy of Node.js Design Patterns: Design and implement production-grade Node.js applications using proven patterns and techniques this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

how do i encrypt/decrypt query string.

 
Ranch Hand
Posts: 223
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
how do i encrypt/decrypt query string.
 
Ranch Hand
Posts: 177
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If with query String you mean HTTP request/response body, I think (not sure) the only way is to use HTTPS
 
hasan khan
Ranch Hand
Posts: 223
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i already have HTTPS for my website, but what about the links such as https://www.mywebsite.com/myservlet.do?custid=786&orderid=1234&someOtherImportantParameter=5678

i dont want user to modify the value for custid, orderid and try to access someone else information.
 
Rancher
Posts: 43026
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You should only allow such operations for authenticated users, so that you can check whether the orderid should properly be accessible by the user in question.

If you really want to, you could use JCE for encrypting the query string, but that's not the proper solution to your problem - authentication is.
[ June 01, 2006: Message edited by: Ulf Dittmer ]
 
hasan khan
Ranch Hand
Posts: 223
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i appreciate your alternative suggestions, but i am simply looking to encrypt/decrypt query string. i have searched on google, but i got some paid ones, i am looking for some free one which i can use in jsp.
 
Ulf Dittmer
Rancher
Posts: 43026
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not sure what you mean by "paid ones" and "free ones", but JCE can be downloaded from java.sun.com.
 
hasan khan
Ranch Hand
Posts: 223
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok, do u have any simple example of encrypting/decrypting a String using JCE
 
Ranch Hand
Posts: 1847
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can't prevent people from sending corrupt data over http, whether using http or https.
The https encryption is purely to deter snooping of the data in transit.

If you don't trust your users, use heavy serverside validation in combination with https post requests in order to make it as hard as possible for them to do something nasty.
 
Ulf Dittmer
Rancher
Posts: 43026
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by hasaN khaN:
ok, do u have any simple example of encrypting/decrypting a String using JCE



Did you miss the link in my earlier post? That's as bare-bones as it gets.
 
Yes, of course, and I accept that blame. In fact, i covet that blame. As does this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic