• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

Encoding the URL parameter

Ranch Hand
Posts: 30
Eclipse IDE Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


I have a web application based on J2EE architecture.

We have links on all the pages.

at one link i'm appending an additional parameter along with the regular URL in the JSP

is there any way that i can hide/encrypt/encode the parameter or maybe the whole URL??

the code that shows the url is :

<td width="85%" height="20" class="line27 borbot1"><a href="<%=request.getContextPath()%>/AcctSumary.do?id=<%=usrid%>" target="mainFrame" class="link" title="click here for linked accounts" >linked accounts</a></td>

where i have passed <%=usrid%> as the additional parameter to be encoded.

it is all numbers!!

i have declared the variable in the scriptlet in the same jsp as

<% String usrid = (String)session.getContextpath("CUSTOMERID");%>

the URL looks like this :

http://<machine_name>/<path>/Acctsummary.do?id=184041 on the status bar

I have used all javascript workaround to hide the status bar but the need is to get it encyrpted...

Please help

Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is it that you wish to encrypt..

I mean if only the userId parameter..then there are number of ways to encrypt a number (and other hashing algorithms in to do the same).

The simplest would be to convert this ID to the corresponding ASCII character.. see below( you can add (append/pre-pend) dummy characters to your user id to make it "more" secure.. like abc<userid>xyz and pass it below)

public static String encrypt(String param)
String originalString=param.toUpperCase();
StringBuffer b=new StringBuffer();
char ch;
for(int i=0;i<originalString.length();i++)
int ascii=ch;
if(ascii>47 && ascii <58){
int s1=ascii+49;
int c=ch+1;
return b.toString();


correspondingly you can build a decrypt method as well...

To make it a full proof thing, then there is DES-EDE3 algorithm provided by Cryptix for the same..it will provide you with your security key..

Actually it all depends upon what the severity of exposing this param would be and to what level you would want it to be encrypted... and then what all overhead you are ready to take to encrypt and decrypt the same..
Posts: 43081
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Don't use the above-mentioned approach. That's really just an obfuscation, not an encryption, and provides no real security. For real encryption, use the JCE API (some links about that can be found in the http://faq.javaranch.com/java/SecurityFaq), which comes with the JRE - no need to use Cryptix for that.

As I've mentioned in the other thread where you raised this question (please don't do that, by the way - post questions once, and then maybe bump them after a few days if there are no responses), I'm questioning the need for this approach, and I think you should question it too. If you don't understand where this requirement is coming from, ask the client. Maybe you'll be able to suggest a better solution once you do. You can't meaningfully implement a system if you don't understand the rationale behind it, after all.
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
    Bookmark Topic Watch Topic
  • New Topic