• Post Reply Bookmark Topic Watch Topic
  • New Topic

Encoding the URL parameter

 
alpesh helwatkar
Ranch Hand
Posts: 30
Eclipse IDE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

hi,

I have a web application based on J2EE architecture.

We have links on all the pages.

at one link i'm appending an additional parameter along with the regular URL in the JSP

is there any way that i can hide/encrypt/encode the parameter or maybe the whole URL??

the code that shows the url is :

<td width="85%" height="20" class="line27 borbot1"><a href="<%=request.getContextPath()%>/AcctSumary.do?id=<%=usrid%>" target="mainFrame" class="link" title="click here for linked accounts" >linked accounts</a></td>


where i have passed <%=usrid%> as the additional parameter to be encoded.

it is all numbers!!

i have declared the variable in the scriptlet in the same jsp as

<% String usrid = (String)session.getContextpath("CUSTOMERID");%>

the URL looks like this :

http://<machine_name>/<path>/Acctsummary.do?id=184041 on the status bar

I have used all javascript workaround to hide the status bar but the need is to get it encyrpted...

Please help

 
Deepak Dhamija
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is it that you wish to encrypt..

I mean if only the userId parameter..then there are number of ways to encrypt a number (and other hashing algorithms in to do the same).

The simplest would be to convert this ID to the corresponding ASCII character.. see below( you can add (append/pre-pend) dummy characters to your user id to make it "more" secure.. like abc<userid>xyz and pass it below)

public static String encrypt(String param)
{
String originalString=param.toUpperCase();
StringBuffer b=new StringBuffer();
char ch;
for(int i=0;i<originalString.length();i++)
{
ch=originalString.charAt(i);
int ascii=ch;
if(ascii>47 && ascii <58){
int s1=ascii+49;
b.append((char)s1);
}
else{
int c=ch+1;
b.append((char)c);
}
}
return b.toString();

}

correspondingly you can build a decrypt method as well...

To make it a full proof thing, then there is DES-EDE3 algorithm provided by Cryptix for the same..it will provide you with your security key..

Actually it all depends upon what the severity of exposing this param would be and to what level you would want it to be encrypted... and then what all overhead you are ready to take to encrypt and decrypt the same..
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Don't use the above-mentioned approach. That's really just an obfuscation, not an encryption, and provides no real security. For real encryption, use the JCE API (some links about that can be found in the http://faq.javaranch.com/java/SecurityFaq), which comes with the JRE - no need to use Cryptix for that.

As I've mentioned in the other thread where you raised this question (please don't do that, by the way - post questions once, and then maybe bump them after a few days if there are no responses), I'm questioning the need for this approach, and I think you should question it too. If you don't understand where this requirement is coming from, ask the client. Maybe you'll be able to suggest a better solution once you do. You can't meaningfully implement a system if you don't understand the rationale behind it, after all.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!