Discussions

Web tier: servlets, JSP, Web frameworks: encypting URL shown in client browser

  1. encypting URL shown in client browser (2 messages)

    Hello,
     I am using struts to develop a web-application. The problem I am facing is that, often the links in my pages show too much information to user.

     e.g. /viewDetails.html?method=save&userId=10

     Surely this is not a problem if I do forwards. But these links are getting generated at runtime as user performs certain operations and then are embeded in page.
     I think encrypting the urls can be a solution by using filter. But I am not sure how to do it. Or is there any open-source filter that can do it for me.

    Thanks,
  2. Is there no way u can use a POST instead of a GET - then the params dont come as a part of the URL String and normal SSL handles encryption for u
  3. encypting URL shown in client browser[ Go to top ]

    If the transaction is SSL, it doesn't matter it is a GET or a POST, it will be encrypted.

    I guess the issue you are asking how can you hide things like "method=save", so people don't maliciously do something like "method=add"?