Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Filters ! Request URL handling

 
Awais Bajwa
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,
I have a problem with the url parameter sending for my servlet sending Get request. so all the variables are visible in the URL.
like http://server:8080/servlet/Myservlet?param1=90¶m2=20¶m3=50
I want to encrypt these parameters using fitlers so that one could not see them . Is it possible using servelt Fileters.
Regards
Awais Bajwa
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34681
367
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Awais,
If you just want to make it so the user can't see the parameter values, use "post" instead of "get" for form submission. Then the values won't be in the URL at all.
If you really want to encrypt the parameters over the network, you need to use https. Servlet filters won't help you because the filter takes affect once the request gets to the server, not on the user's machine.
 
Awais Bajwa
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
THanks Jeanne,
Well i dont want to use Post request, this is my limitation lets say.
Now please tell using https what whould be the benifits?
i dont think that url parameters will be encrypted using https.
lets say http://server:8080/one/servlet/TestServlet?a=90&b=90
I want 'a' and 'b' hidden and not visible in the url, is it possible using https.
?
regards
Awais Bajwa
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34681
367
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, https will encrypt the data over the network (for anyone with a packet sniffer.) It will still display in the location bar.
Do you mind if I ask why you don't want to or can't use post? Also, keep in mind that someone can find out that "a" and "b" are your field names just by looking at your source code.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic