• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

encrypted text in url

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am looking for an encryption method that can be used to encrypt a string and put it in URL parm or HTML form input text. The JCE provides a lot of providers and algorithm, but I don't know how I can use JCE to encrypt a text and put it in html form input or URL. Please point me to the direction.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
While there is no principal difficulty in using hidden form fields, a better approach would be not to round-trip it: what the user doesn't see, he can't decrypt. How about keeping it in a server session?
 
Bartender
Posts: 3648
16
Android Mac OS X Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can use the URLEncoder#encodeUrl method to.

If it's jsp, you may just want to use the jstl c:url tag. Only the query parms get encoded (the stuff after ?) if I'm not mistaken.
 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tsang,
Encoding and encryption aren't the same thing. Encoding just prevents certain characters from being an a URL. For example %20 is the encoding of space for URLs. This hardly requires any skill to un-encode. Encryption is mean to actually protect the data. I agree with Ulf. Not sending it to the browser is way more secure.
 
K. Tsang
Bartender
Posts: 3648
16
Android Mac OS X Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jeanne for pointing out the difference.
 
Author
Posts: 53
7
MySQL Database Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do not try to do crypto yourself, you are doomed to failure in my opinion. Use a well vetted security library like Google KeyCzar. https://code.google.com/p/keyczar/

Aloha,
 
reply
    Bookmark Topic Watch Topic
  • New Topic