• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

encode and decode url query string values

 
Ranch Hand
Posts: 145
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi guys

I am passing parameters in my url like this
<html:form action="/record/details.do?judgmentTypeCode=PD&judgmentSequenceNumber=247551 &judtNumberYear=3>
�//other fields
<html:submit> Submit </html:submit>
</html:form>

The query string data judgmentTypeCode, judgmentSequenceNumber and judtNumberYear are confidential and I don�t want their values to be shown in the url. How do I accomplish that. I want to pass values in url query string but at the same time i want them to be hidden or in an unregognizable encoded format so that the url is shown in

browser as

/record/details.do?EncodedGARBAGEValue

I want to use the encoded and decoded technique to encode and decode the url query string values by using this code
http://www.exampledepot.com/egs/javax.crypto/DesString.html

So I want to write a wrapper method in my Request processor (I am using struts) which would encode/decode the url query string values after the �.do� part. I want to do that in RequestProcessor because RequestProcessor processes every request. (not sure if thats a good idea)

The GOAL is , the user should not see the query string values in the url no matter what.

That�s what I have in mind. I am not sure if I am going in right direction. If any one has better ideas , I will greatly appreciate if you can share it with me.


Thanks
J
 
Ranch Hand
Posts: 181
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Make them hidden form fields.
 
jay roy
Ranch Hand
Posts: 145
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
unfortunately thats not an option. the values are not hardcoded, they are generated dynamically, for instance
<html:form action="/record/details.do?judgmentTypeCode=<c ut value=${'type.code'}&judgmentSequenceNumber=<c ut value=${'judgmentSequence.Number'}>
In <c ut value=${'judgmentSequence.Number'} :judgmentSequence.Number is dynamic value which i am getting from value-object 'judgmentSequence'

more over , if i want to pass say 10 or 20 values in query string , i dont want to use 10 or 20 hidden fields, it makes the jsp page crappy.
I have to pass values in URL, passing them as hidden fields or putting them in session is unfortunately not an option.

thanks
J
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

the values are not hardcoded, they are generated dynamically, for instance


I don't understand why that makes a difference. The JSP doesn't care whether it outputs values that are part of an URL, or which go into a form field.

if i want to pass say 10 or 20 values in query string, i dont want to use 10 or 20 hidden fields, it makes the jsp page crappy.


Having 20 form fields is not unusual. Having 20 URL parameters is very unusual. Better to have a crappy JSP page (although I'm not sure why you'd think that) than to have a crappy URL
[ March 06, 2007: Message edited by: Ulf Dittmer ]
 
Ranch Hand
Posts: 948
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agree that hidden form fields would be much cleaner than putting all the values on the url, but you seem to be against that. In any case hidden fields are not very secure or private because they can easily be changed using simple tools and the value can be seen in the html source.

Check out this post:
https://coderanch.com/t/55543/Struts/Struts-Security-Extension

I read through an article at the site linked. It seems like it might do what you need.

- Brent
 
jay roy
Ranch Hand
Posts: 145
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks everybody, apprecite your input

yes hidden fields is an option but the most common way i feel is passing values in url, so i just want to keep passing values in url but make it secure.

>>>In any case hidden fields are not very secure or private
yes , thats very true and url query string values are vulnerable too ,thats why i wanna secure them.

very intresting link brent. did you download and impliment that, just want to hear some reviews before i download.

thanks once again guys
J
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

the most common way i feel is passing values in url


But it's not - certainly not for 20 parameters. Where do you ever see URLs with so many parameters?

but make it secure


In terms of security and/or privacy both methods are equal. Use HTTP authentication and/or HTTPS if you're concerned about that.
 
jay roy
Ranch Hand
Posts: 145
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
>>>But it's not - certainly not for 20 parameters. Where do you ever see URLs with so many parameters?

that was just an example. Dont take it literally brent's link is awesome, just what i want.

thanks guys
J
reply
    Bookmark Topic Watch Topic
  • New Topic