Hi
I do not want the end user to see the params that i pass from my jsp(for eg http://localhost:8080/xyz?param1=RRR¶m2=RRR)
I am using Struts. Does somebody know how to encrypt/hide the URL params in Struts.
Please help as this is a major security concern...
Thanks
Sid
> If you use doPost method instead doGet() , it will be
> automatically hidden
This is actually not true. If you use <form method="post">, then the parameters will not be passed via the URI query string but via the POST headers and the HttpServlet#doPost() will be invoked. If you use <form method="get"> or use ordinary query links, then the parameters will be passed via the URI query string and the HttpServlet#doGet() will be invoked.
Struts can't do anything. It executes on server side and not on client side!!
To hide the parameters, use a post action in your jsp. (<form method="POST" action="/yourAction.do">
)
If you would realy like a securized web application, so use https.
If you really wanna secure the request parameters making a POST request is the best method which i can think off.
If you are making a GET request guess u'd be complicating your self.
i don't know whether this helps but here are few articles of how you normally encrypt url data
http://www.anupsabbi.com/index.php?content=articles/java/url_data_encryption.html
and through the below url is talking about the case of .NET yet it could be very well used to what you wanna acheive
http://dotnetjunkies.com/HowTo/99201486-ACFD-4607-A0CC-99E75836DC72.dcik
http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:32710
Hi
This looks like a great workaround. However am getting null pointer exception when i try to encrypt something
String strTest123 = QueryCrypt.getInstance().encrypt(request, strTest);
java.lang.NullPointerException
at com.guhesan.querycrypt.QueryCrypt.encrypt(QueryCrypt.java:67)
Please note that the request nor the string is null here. The required classes are all getting loaded properly.
Please help
Thanks
