• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

hide parameters on url jsp

 
anvi kon
Ranch Hand
Posts: 133
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm sending the url like below.


http://localhost:8080/Webpage/employee.jsp?month=2&day=20&year=2010&category=WEB&B1=Submit.

I want to mask the parameters on the url for the user.

I'm using the GET method. I know if I use the post method I can hide the parameters., but I have to pass the parameters to the query the database.


Is there any other option , to hide the parameters on the URL?

Can anyone hlep me please?

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65124
91
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why?

If the answer is "security", don't even bother. "Hiding" the parameters in a POST is not secure.
 
Mark E Hansen
Ranch Hand
Posts: 650
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think the "why you want to do this" is an important topic which you need to evaluate.

However, keep in mind that whether your action to your servlet is a POST or GET doesn't really matter to the servlet - in both cases, you get access to the request parameters in the same way.

Why do you think your page can use GET but not POST?

 
anvi kon
Ranch Hand
Posts: 133
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ,

This is my problem,

I have a browser which they can select day , mon and year submit the button,

Well the user doesn't want to browse and select the options thorough a browser.


They just want the url.

so I'm giving only the url by passing paramters to the query.


I'm sending the url like below.


http://localhost:8080/Webpage/employee.jsp?month=2...ar=2010&B1=Submit


select empname, deptname, empid from the employee where day= 02 and month = 02 and year= 2010.

Is there any other option to do it?




 
Paul Clapham
Sheriff
Posts: 21322
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, that's the correct way to format a GET request URL. Why are you looking for another way? That one works perfectly well.
 
anvi kon
Ranch Hand
Posts: 133
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But the user doesn't want to see the parameters on the url. Can I hide it some for the user?
 
Mark E Hansen
Ranch Hand
Posts: 650
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is the result of the user clicking on that link? Does it show the page with the date selection controls showing the desired values by default?

If so, then why not just have the page controller (servlet) that prepares that page assign the default values when the page is rendered?
For example, rather than having the link take the user to employee.jsp, have the link take the user to a servlet. Have the servlet determine what the default values should be (in the same way you determined them when you originally constructed the original link), then have the servlet set session attributes (or whatever you want) and forward to the employee.jsp page. The JSP page can now use those session attributes to assign the values to the date controls.

Hope this helps,

 
Paul Clapham
Sheriff
Posts: 21322
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, you can't. But why does the user care? I know I don't care when my google searches have URL parameters on them and I wouldn't dream of asking Google to hide them.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
They just want the url.


But the user doesn't want to see the parameters on the url.


So they want the URL with parameters without parameters? Do they understand basic web technology? Sometimes one needs to educate clients on what is and is not possible.
 
anvi kon
Ranch Hand
Posts: 133
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the link shows only the data no controls.

if the user clicks the link, they see only the data not the contols to select the date, month and year?

 
Mark E Hansen
Ranch Hand
Posts: 650
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
anvi kon wrote:the link shows only the data no controls.

if the user clicks the link, they see only the data not the contols to select the date, month and year?


You've lost me. Of course the controls would not be on the URL - they're display objects, not text that can be appended to a URL.

In my previous post I asked: "What is the result of the user clicking on that link?"

Perhaps if you answered that, it would be easier to understand what you're trying to do.

 
Tim McGuire
Ranch Hand
Posts: 820
IntelliJ IDE Tomcat Server VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm just guessing. I'll bet the site owner doesn't want users to be able to "forcefully browse" the site and change the date parameters in the URL.

If there are things they aren't supposed to see on other pages, then you need some access control scheme. This is not achieved by hiding parameters.

If the site owner wants to to enforce some kind of sequential order to the way people are browsing, then have some session variables to show that the user is allowed to progress to such and such a date.

I suppose, if on top of that, the site owner still wants to hide the parameters, you could invent some kind of obfuscation scheme
where instead of http://localhost:8080/Webpage/employee.jsp?month=2&year=2010

they would see http://localhost:8080/Webpage/employee/zi9097f0sdf0s/0sf8d8s8df0sdf0s/

and on the servlet side, you translate those codes into the month,day, and year?
 
Mahesh Kedari
Ranch Hand
Posts: 111
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Like Tim is suggesting, You can use URL encryption technique for hiding parameters.
But below sentence is confusing me

They just want the url.

so I'm giving only the url by passing paramters to the query.


Does that mean you want to publish this URL to client? If so then in that case encryption or parameter hiding does not make sense.
But if URL is getting fired on some event then encryption can be used. This is what most of the internet banking sites use.
 
anvi kon
Ranch Hand
Posts: 133
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you please give me some examples? How would I enncrypt the url on jsp page?

 
Tim McGuire
Ranch Hand
Posts: 820
IntelliJ IDE Tomcat Server VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
anvi kon wrote:Can you please give me some examples? How would I enncrypt the url on jsp page?



There are two parts. Part one is adjusting your web server to put the URLS in "friendly format" that is,
http://localhost:8080/employees/day/month/year
instead of
http://localhost:8080/employees?day=22&month=11&year=2009

this is covered here: http://www.coderanch.com/t/481822/Servlets/java/Servlet-URL-parameters

part two is encrypting the parts, which is covered here:
http://stackoverflow.com/questions/123976/url-encryption-in-java
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic