Hello,
I am using struts to develop a web-application. The problem I am facing is that, often the links in my pages show too much information to user.
e.g. /viewDetails.html?method=save&userId=10
Surely this is not a problem if I do forwards. But these links are getting generated at runtime as user performs certain operations and then are embeded in page.
I think encrypting the urls can be a solution by using filter. But I am not sure how to do it. Or is there any open-source filter that can do it for me.
Thanks,
-
encypting URL shown in client browser (2 messages)
- Posted by: Yogesh Patil
- Posted on: January 18 2006 06:25 EST
Threaded Messages (2)
- encypting URL shown in client browser by Sowmya Sridhar on January 19 2006 12:04 EST
- encypting URL shown in client browser by Rich Dredge on January 19 2006 15:51 EST
-
encypting URL shown in client browser[ Go to top ]
- Posted by: Sowmya Sridhar
- Posted on: January 19 2006 12:04 EST
- in response to Yogesh Patil
Is there no way u can use a POST instead of a GET - then the params dont come as a part of the URL String and normal SSL handles encryption for u -
encypting URL shown in client browser[ Go to top ]
- Posted by: Rich Dredge
- Posted on: January 19 2006 15:51 EST
- in response to Yogesh Patil
If the transaction is SSL, it doesn't matter it is a GET or a POST, it will be encrypted.
I guess the issue you are asking how can you hide things like "method=save", so people don't maliciously do something like "method=add"?