Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how do i encrypt/decrypt query string.

 
hasan khan
Ranch Hand
Posts: 223
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
how do i encrypt/decrypt query string.
 
Reza Rav.
Ranch Hand
Posts: 177
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If with query String you mean HTTP request/response body, I think (not sure) the only way is to use HTTPS
 
hasan khan
Ranch Hand
Posts: 223
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i already have HTTPS for my website, but what about the links such as https://www.mywebsite.com/myservlet.do?custid=786&orderid=1234&someOtherImportantParameter=5678

i dont want user to modify the value for custid, orderid and try to access someone else information.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should only allow such operations for authenticated users, so that you can check whether the orderid should properly be accessible by the user in question.

If you really want to, you could use JCE for encrypting the query string, but that's not the proper solution to your problem - authentication is.
[ June 01, 2006: Message edited by: Ulf Dittmer ]
 
hasan khan
Ranch Hand
Posts: 223
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i appreciate your alternative suggestions, but i am simply looking to encrypt/decrypt query string. i have searched on google, but i got some paid ones, i am looking for some free one which i can use in jsp.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm not sure what you mean by "paid ones" and "free ones", but JCE can be downloaded from java.sun.com.
 
hasan khan
Ranch Hand
Posts: 223
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok, do u have any simple example of encrypting/decrypting a String using JCE
 
Jeroen T Wenting
Ranch Hand
Posts: 1847
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can't prevent people from sending corrupt data over http, whether using http or https.
The https encryption is purely to deter snooping of the data in transit.

If you don't trust your users, use heavy serverside validation in combination with https post requests in order to make it as hard as possible for them to do something nasty.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by hasaN khaN:
ok, do u have any simple example of encrypting/decrypting a String using JCE


Did you miss the link in my earlier post? That's as bare-bones as it gets.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic