Re: Encode/Encrypt url parameters?
Maybe U can use javascript to set the value of parameters to hidden fields?? - Original Message - From: David Erickson [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 3:32 AM Subject: Re: Encode/Encrypt url parameters? Aye Encrypt is exactly what I'm needing to do. Thanks! -David - Original Message - From: Dhaliwal, Pritpal (HQP) [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 6:04 PM Subject: RE: Encode/Encrypt url parameters? I think you really mean encrypt.. Not just code and decode.. Look at this: http://javaalmanac.com/egs/javax.crypto/DesFile.html URLDecoder is and URLEncoder is put put those %20 instead of space in the URL I think.. Doesn't really add any security to what is URLEncoded. I guess you can get the encrypted value.. URLEncode it.. Put it as a hidden parameter. Then decrypt it when you get back.. The little tutorial/code I linked should help you. Pritpal Dhaliwal -Original Message- From: Geeta Ramani [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 4:42 PM To: Struts Users Mailing List Subject: Re: Encode/Encrypt url parameters? David: It's been a real long day and my brain's fuzzing over.. but I'm assuming you know all about java.net.URLDecoder and java.net.URLEncoder..? geeta David Erickson wrote: Hi I was wondering if there are any easy to use Java classes or otherwise that could be used to encrypt or encode url parameters? Basically what I want to do is this: Action (encodes the url parameters, puts them into the request object) - forwards to jsp containing a link that grabs those parameters from the request - click link takes you to an Action that decodes and uses them. The parameters are to files on our site.. its no big deal because they are in the web-inf directory and unaccessable from the web but I'd rather hide them from the surfers anyway. Is there any good way to do this? Thanks, David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Encode/Encrypt url parameters?
I wrote a CryptoFactory to take care of this. We use it for cross domain session validation. // example code: CryptoFactory cf = CryptoFactory.create(aPassword,PBEWithMD5AndDES); Date goodUntil = new Date(System.currentTimeMillis()+somePeriodMs); String token = cf.encryptUrl(+goodUntil.getTime()); request.setAttribute(token, token); Then, we have a CryptoFilter which looks for a param to validate locally with the same password and algorithm. The result is the +timeLongMillis of when the token is good until which I compare to now. Any kind of String data can be encrypted, we just use what I wrote as kind of a key that's only good for so long to download reports from another server with the CryptoFilter installed. If anyone's interested in the source code (two classes and an exception class), feel free to email me DIRECTLY. US Export laws apply here ;-) -Jacob -Original Message- From: Jim Theodoridis [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 10:45 AM To: Struts Users Mailing List Subject: Re: Encode/Encrypt url parameters? Maybe U can use javascript to set the value of parameters to hidden fields?? - Original Message - From: David Erickson [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 3:32 AM Subject: Re: Encode/Encrypt url parameters? Aye Encrypt is exactly what I'm needing to do. Thanks! -David - Original Message - From: Dhaliwal, Pritpal (HQP) [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 6:04 PM Subject: RE: Encode/Encrypt url parameters? I think you really mean encrypt.. Not just code and decode.. Look at this: http://javaalmanac.com/egs/javax.crypto/DesFile.html URLDecoder is and URLEncoder is put put those %20 instead of space in the URL I think.. Doesn't really add any security to what is URLEncoded. I guess you can get the encrypted value.. URLEncode it.. Put it as a hidden parameter. Then decrypt it when you get back.. The little tutorial/code I linked should help you. Pritpal Dhaliwal -Original Message- From: Geeta Ramani [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 4:42 PM To: Struts Users Mailing List Subject: Re: Encode/Encrypt url parameters? David: It's been a real long day and my brain's fuzzing over.. but I'm assuming you know all about java.net.URLDecoder and java.net.URLEncoder..? geeta David Erickson wrote: Hi I was wondering if there are any easy to use Java classes or otherwise that could be used to encrypt or encode url parameters? Basically what I want to do is this: Action (encodes the url parameters, puts them into the request object) - forwards to jsp containing a link that grabs those parameters from the request - click link takes you to an Action that decodes and uses them. The parameters are to files on our site.. its no big deal because they are in the web-inf directory and unaccessable from the web but I'd rather hide them from the surfers anyway. Is there any good way to do this? Thanks, David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Encode/Encrypt url parameters?
Jacob, I would be interested in looking at your solution for this problem. Thanks in advance. Regards, Todd -Original Message- From: Hookom, Jacob [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 12:00 PM To: Struts Users Mailing List Subject: RE: Encode/Encrypt url parameters? I wrote a CryptoFactory to take care of this. We use it for cross domain session validation. // example code: CryptoFactory cf = CryptoFactory.create(aPassword,PBEWithMD5AndDES); Date goodUntil = new Date(System.currentTimeMillis()+somePeriodMs); String token = cf.encryptUrl(+goodUntil.getTime()); request.setAttribute(token, token); Then, we have a CryptoFilter which looks for a param to validate locally with the same password and algorithm. The result is the +timeLongMillis of when the token is good until which I compare to now. Any kind of String data can be encrypted, we just use what I wrote as kind of a key that's only good for so long to download reports from another server with the CryptoFilter installed. If anyone's interested in the source code (two classes and an exception class), feel free to email me DIRECTLY. US Export laws apply here ;-) -Jacob -Original Message- From: Jim Theodoridis [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 10:45 AM To: Struts Users Mailing List Subject: Re: Encode/Encrypt url parameters? Maybe U can use javascript to set the value of parameters to hidden fields?? - Original Message - From: David Erickson [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 3:32 AM Subject: Re: Encode/Encrypt url parameters? Aye Encrypt is exactly what I'm needing to do. Thanks! -David - Original Message - From: Dhaliwal, Pritpal (HQP) [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 6:04 PM Subject: RE: Encode/Encrypt url parameters? I think you really mean encrypt.. Not just code and decode.. Look at this: http://javaalmanac.com/egs/javax.crypto/DesFile.html URLDecoder is and URLEncoder is put put those %20 instead of space in the URL I think.. Doesn't really add any security to what is URLEncoded. I guess you can get the encrypted value.. URLEncode it.. Put it as a hidden parameter. Then decrypt it when you get back.. The little tutorial/code I linked should help you. Pritpal Dhaliwal -Original Message- From: Geeta Ramani [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 4:42 PM To: Struts Users Mailing List Subject: Re: Encode/Encrypt url parameters? David: It's been a real long day and my brain's fuzzing over.. but I'm assuming you know all about java.net.URLDecoder and java.net.URLEncoder..? geeta David Erickson wrote: Hi I was wondering if there are any easy to use Java classes or otherwise that could be used to encrypt or encode url parameters? Basically what I want to do is this: Action (encodes the url parameters, puts them into the request object) - forwards to jsp containing a link that grabs those parameters from the request - click link takes you to an Action that decodes and uses them. The parameters are to files on our site.. its no big deal because they are in the web-inf directory and unaccessable from the web but I'd rather hide them from the surfers anyway. Is there any good way to do this? Thanks, David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Encode/Encrypt url parameters?
David: It's been a real long day and my brain's fuzzing over.. but I'm assuming you know all about java.net.URLDecoder and java.net.URLEncoder..? geeta David Erickson wrote: Hi I was wondering if there are any easy to use Java classes or otherwise that could be used to encrypt or encode url parameters? Basically what I want to do is this: Action (encodes the url parameters, puts them into the request object) - forwards to jsp containing a link that grabs those parameters from the request - click link takes you to an Action that decodes and uses them. The parameters are to files on our site.. its no big deal because they are in the web-inf directory and unaccessable from the web but I'd rather hide them from the surfers anyway. Is there any good way to do this? Thanks, David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Encode/Encrypt url parameters?
I think you really mean encrypt.. Not just code and decode.. Look at this: http://javaalmanac.com/egs/javax.crypto/DesFile.html URLDecoder is and URLEncoder is put put those %20 instead of space in the URL I think.. Doesn't really add any security to what is URLEncoded. I guess you can get the encrypted value.. URLEncode it.. Put it as a hidden parameter. Then decrypt it when you get back.. The little tutorial/code I linked should help you. Pritpal Dhaliwal -Original Message- From: Geeta Ramani [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 4:42 PM To: Struts Users Mailing List Subject: Re: Encode/Encrypt url parameters? David: It's been a real long day and my brain's fuzzing over.. but I'm assuming you know all about java.net.URLDecoder and java.net.URLEncoder..? geeta David Erickson wrote: Hi I was wondering if there are any easy to use Java classes or otherwise that could be used to encrypt or encode url parameters? Basically what I want to do is this: Action (encodes the url parameters, puts them into the request object) - forwards to jsp containing a link that grabs those parameters from the request - click link takes you to an Action that decodes and uses them. The parameters are to files on our site.. its no big deal because they are in the web-inf directory and unaccessable from the web but I'd rather hide them from the surfers anyway. Is there any good way to do this? Thanks, David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Encode/Encrypt url parameters?
Aye Encrypt is exactly what I'm needing to do. Thanks! -David - Original Message - From: Dhaliwal, Pritpal (HQP) [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 6:04 PM Subject: RE: Encode/Encrypt url parameters? I think you really mean encrypt.. Not just code and decode.. Look at this: http://javaalmanac.com/egs/javax.crypto/DesFile.html URLDecoder is and URLEncoder is put put those %20 instead of space in the URL I think.. Doesn't really add any security to what is URLEncoded. I guess you can get the encrypted value.. URLEncode it.. Put it as a hidden parameter. Then decrypt it when you get back.. The little tutorial/code I linked should help you. Pritpal Dhaliwal -Original Message- From: Geeta Ramani [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 4:42 PM To: Struts Users Mailing List Subject: Re: Encode/Encrypt url parameters? David: It's been a real long day and my brain's fuzzing over.. but I'm assuming you know all about java.net.URLDecoder and java.net.URLEncoder..? geeta David Erickson wrote: Hi I was wondering if there are any easy to use Java classes or otherwise that could be used to encrypt or encode url parameters? Basically what I want to do is this: Action (encodes the url parameters, puts them into the request object) - forwards to jsp containing a link that grabs those parameters from the request - click link takes you to an Action that decodes and uses them. The parameters are to files on our site.. its no big deal because they are in the web-inf directory and unaccessable from the web but I'd rather hide them from the surfers anyway. Is there any good way to do this? Thanks, David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]