I am using struts to develop a web-application. The problem I am facing is that, often the links in my pages show too much information to user.
Surely this is not a problem if I do forwards. But these links are getting generated at runtime as user performs certain operations and then are embeded in page.
I think encrypting the urls can be a solution by using filter. But I am not sure how to do it. Or is there any open-source filter that can do it for me.
Is there no way u can use a POST instead of a GET - then the params dont come as a part of the URL String and normal SSL handles encryption for u
If the transaction is SSL, it doesn't matter it is a GET or a POST, it will be encrypted.
I guess the issue you are asking how can you hide things like "method=save", so people don't maliciously do something like "method=add"?