• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Encrypting HTML parameter when using GET

 
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, would like to hide data or parameter on URL when sending using GET ... I believe the possible way is to encrypt that parameter but not sure how to. Are there any examples somewhere?
 
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What are you trying to protect against?
 
Songezo Nkukwana
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:What are you trying to protect against?



Well, the user viewing the page ... They mustn't see the passed parameter
 
Sheriff
Posts: 22563
122
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Then you should use POST, not GET.
 
Ulf Dittmer
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Then you need to encrypt the parameter on the server-side before sending it to the client. And if it's encrypted, then there's no problem with showing it in the URL, because the user can't make sense of it.

A better alternative to round-tripping a value to the client and back would be to store it in a server-side session, though.
 
Songezo Nkukwana
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:Then you need to encrypt the parameter on the server-side before sending it to the client. And if it's encrypted, then there's no problem with showing it in the URL, because the user can't make sense of it.

A better alternative to round-tripping a value to the client and back would be to store it in a server-side session, though.



Thanks, will look at these options
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic