Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Encrypt URL parameters

 
Akshay D Joshi
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I am working on jsp-Servlet application.
I want to encrypt url parameters at client side as soon as form is submitted as url can be viewed by intruders in between network of client and server .
Also url parameters should be decrypted at server side .
what technology to use?

javascript encryption is there ,but how to use it.?

Example

Actual URL:
www.mysite.com/Company?compID=111&compLoc=India

encrypted URL:
www.mysite.com/Company?compID=HTUf43HGFYG&compLoc=JHFTF42KJBYU
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34672
367
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Before even thinking about doing your own encryption:
1) You should use a form post so the method parameters aren't in the URL at all.
2) You should consider HTTPs so the data is really encrypted.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64970
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you do not need to encrypt the values for the end users, but are just worried about during transmission, just use SSL as Jeanne suggested.
 
Akshay D Joshi
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the replay..
Yes i know the SSL but in our product it is already implemented..
My seniors want to make it in some other way..
So i thought only of javascript encryption...
Anyway .. i will research some more about it..

Thanks alot
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64970
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why?
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If your "seniors" consider SSL insufficient, then they should have an idea of why that is, no? They should spell out clearly what kind of attack they're trying to guard against that SSL doesn't (or can't).
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic