Win a copy of Microservices Testing (Live Project) this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

URL encoding and decoding

 
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello friends,

I need your help. Currently in my project i am making use of queryString .... but the query string is very obvious for users to play with like for e.g. " ?empNo=5123&&serviceNo=1204" I want to ENCODE this query String so that users do not understand what goes in the query string. Also on the server end i must be able to DECODE the query String and retrieve the name-value parameters from it. Is there any such facility available in the J2EE API ? I am using Tomcat 4.0, jdk1.4, and Struts. The specification that i am using is JSP 1.3 and Servlet 2.3. Please,...help me!

Million thanks in advance
Omkar Patkar.
[ July 12, 2007: Message edited by: Bear Bibeault ]
 
Sheriff
Posts: 67650
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You are talking about encryption, not encoding. And yes, it's a good idea to encrypt critical values like primary keys.

I've moved this to the Security forum where you are likely to get more responses.
 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
At the server side you may use many stuffs for decoding the query string.That should be be a problem.
But the question here is as how would you do encryption in the client side.I see javascript to be a option , but do not know as how it can encrypt query string.I am not aware of any built in encryption function in javascript.

I am not sure whether you can make use of Obfuscation in this situation.
 
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Rahul Bhattacharjee:
But the question here is as how would you do encryption in the client side.


Why would you need to do encryption on the client side? The URL is encrypted on the server, and it's decrypted on the server.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ulf Dittmer:

Why would you need to do encryption on the client side? The URL is encrypted on the server, and it's decrypted on the server.



I thought the original poster wants to encrypt the values of the parameter in the client side before sending it to the server as query string.
So the encryption of the values need to be done in the client end only.

Am I missing something.
 
Ulf Dittmer
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Rahul Bhattacharjee:
Am I missing something.



I think you're missing the fact that the original post specifically mentions that the user (i.e., the one operating the web browser) should not be able to see the real values of the URL parameters. That means that the URL is created in encrypted form on the server, embedded in the web page, and then passed unchanged back to the server.
[ July 13, 2007: Message edited by: Ulf Dittmer ]
 
omkar patkar
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hmmm.....Actually guys, the url user might receive in his email or through any other source but not while using the application. So its generated on the server side. Something like we have confirmation links while signing up for most of the sites.... very much similar to that. Well, while searching on net i bumped over this :-

QueryCrypt

i thought i will share this. In my project the URL is generated First in database and then sent as mail to user. So, i think i will have to look for another option. We are using Oracle 10g. I'll b back as soon as i get n e thing !


Thanks and Regards
Omkar Patkar.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My bad.Misunderstood the question.
reply
    Bookmark Topic Watch Topic
  • New Topic