
Changing URL having long characters

Hello,

I want to get advice as to how I can change www.example.com/servlet/Categories?option=1 to, for example, as follows:



How can I append extra random characters with my URL?

Thanks in anticipation
For what purpose? Why random characters? We need to know something about what you are actually trying to accomplish.
I am trying to encrypt and then decrypt my URL in such a way that the end user doesn't understand what parameters I am getting in the URL, for security purposes.
Let's try to clarify that goal a bit. Do you want that encryption to be done by the client, presumably a browser, so that the request sent from the client will contain encrypted parameters?

And also: why do you want to do that? Just saying "for security purpose" isn't very helpful -- security features should be directed against specific threats. What threats are you concerned about?
What Paul said.

Additionally, security must come from the server. If you do not want to expose id values and such in the UI, then they should be encrypted before being sent to the client, which can use them to send them back in URLs in already-encrypted form. There's little to be gained from encrypting path parameters or request parameter names.

If anyone can type a URL into their browser and do something on your system that they are not supposed to, the security problem is on the server and not in the URLs or in the client code.

For example, let's say I type in something like: http://your.system.com/users/213456?command=delete

And let's say this is the URL to tell the system to delete user 213456. Regardless of whether 213456 is an encrypted value or not, if the system lets me do this if I do not have permissions to do so, then your server-side code has insufficient security.

Security should not be through obfuscation, but through thorough authentication and authorization checking. Note: authentication and authorization are not the same thing.
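
The delete-URL scenario from the post above, as an added example that is not part of the original thread. It assumes Java 16+ and a policy that only administrators may delete accounts; the class, session tokens, and opaque id are hypothetical, constructed sample data.

```java
import java.util.Map;
import java.util.Set;

// Added illustration, not code from the thread. All names and data are hypothetical.
public class DeleteUserCheck {
    record Principal(String userId, Set<String> roles) {}

    // Constructed sample data: session token -> already-authenticated principal.
    static final Map<String, Principal> SESSIONS = Map.of(
        "sess-admin", new Principal("1", Set.of("ADMIN")),
        "sess-bob", new Principal("777", Set.of("USER")));

    // Constructed opaque alias the server might hand out instead of the raw id.
    static final Map<String, String> OPAQUE_IDS = Map.of("k3Xw9QpL", "213456");

    // Status the server would return for /users/{id}?command=delete.
    static int handleDelete(String sessionToken, String idFromUrl) {
        // Authentication: who is making this request?
        Principal caller = (sessionToken == null) ? null : SESSIONS.get(sessionToken);
        if (caller == null) {
            return 401;
        }
        // The id is only a lookup key, whether it arrived raw or as an opaque alias.
        String targetId = OPAQUE_IDS.getOrDefault(idFromUrl, idFromUrl);
        // Authorization (assumed policy): only administrators may delete accounts.
        if (!caller.roles().contains("ADMIN")) {
            return 403;
        }
        System.out.println("deleting user " + targetId);
        return 204;
    }

    public static void main(String[] args) {
        String[][] requests = {
            {null, "213456"},           // anonymous caller, raw id
            {"sess-bob", "213456"},     // logged in, not permitted, raw id
            {"sess-bob", "k3Xw9QpL"},   // logged in, not permitted, opaque id
            {"sess-admin", "k3Xw9QpL"}  // logged in and permitted
        };
        for (String[] r : requests) {
            System.out.println(r[0] + " " + r[1] + " -> " + handleDelete(r[0], r[1]));
        }
    }
}
```

The non-admin session is refused whether it sends the raw id or the opaque one, because the decision depends on the caller and not on the form of the id.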

Thanks for both favorable replies.

You are right, security must be applied on the server side, but I have another scenario as well. I wrote a program 5 years ago and the options are set to display contents, e.g. http://my.mywebsite.com?option=1 //2,3,4,5
option=1 is displaying news, option=2 displaying buy, option=3 displaying sell leads and so on and so forth.

Farakh khan wrote: You are right, security must be applied on the server side, but I have another scenario as well. I wrote a program 5 years ago and the options are set to display contents, e.g. http://my.mywebsite.com?option=1 //2,3,4,5
option=1 is displaying news, option=2 displaying buy, option=3 displaying sell leads and so on and so forth.



And so? What's the security threat involved with somebody knowing that?
1. It seems odd to me
2. The security threat I was talking about was for another website that is accepting payments on a website. I am passing contact info of the customer with card credentials to the bank gateway.
1. It's not that odd; old-fashioned perhaps.

2. Use SSL and POST. You don't want that info on the URL, and you certainly don't want it passed in clear text even in the response body.

Farakh khan wrote: 2. The security threat I was talking about was for another website that is accepting payments on a website. I am passing contact info of the customer with card credentials to the bank gateway.



Now that's a better example. The way you encrypt that data is to use SSL, i.e. to use an https: URL instead of an http: URL. Under no circumstances should you try to write your own code to encrypt it, because your code won't be secure.
Thanks again for your reply

1) Will URL encryption and decryption not help in this case?
2) https automatically encrypts and decrypts. The question is why I cannot encrypt or decrypt it manually

Farakh khan wrote: 2) https automatically encrypts and decrypts. The question is why I cannot encrypt or decrypt it manually



Because your encryption won't be secure. SSL was designed by people who are competent cryptographers, so there's a reasonable chance it won't be broken. But you aren't a competent cryptographer so your encryption would easily be broken.
Thanks for your great advice!!

Frankly speaking, I have not yet worked with the https protocol. Where can I start?

Best regards

Paul Clapham wrote: But you aren't a competent cryptographer...



... so let's suppose you decided to put in the time to become a competent cryptographer. Once you do that, your question is going to be "So why should I reinvent SSL anyway?" There are possible reasons for that, including being able to write a PhD thesis on a topic in cryptography for example, but none of those reasons apply to your bank's need to keep your credit card number secure.

All that, of course, should be suffixed by "... as far as I know" because I'm not a competent cryptographer either.