i already have HTTPS for my website, but what about the links such as https://www.mywebsite.com/myservlet.do?custid=786&orderid=1234&someOtherImportantParameter=5678
i dont want user to modify the value for custid, orderid and try to access someone else information.
You should only allow such operations for authenticated users, so that you can check whether the orderid should properly be accessible by the user in question.
If you really want to, you could use JCE for encrypting the query string, but that's not the proper solution to your problem - authentication is. [ June 01, 2006: Message edited by: Ulf Dittmer ]
i appreciate your alternative suggestions, but i am simply looking to encrypt/decrypt query string. i have searched on google, but i got some paid ones, i am looking for some free one which i can use in jsp.
You can't prevent people from sending corrupt data over http, whether using http or https. The https encryption is purely to deter snooping of the data in transit.
If you don't trust your users, use heavy serverside validation in combination with https post requests in order to make it as hard as possible for them to do something nasty.