struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hookom, Jacob" <Jacob.Hoo...@redline.mckhboc.com>
Subject RE: Encode/Encrypt url parameters?
Date Wed, 25 Feb 2004 17:00:27 GMT
I wrote a CryptoFactory to take care of this.  We use it for cross domain
session validation.

// example code:
CryptoFactory cf = CryptoFactory.create("aPassword","PBEWithMD5AndDES");
Date goodUntil = new Date(System.currentTimeMillis()+somePeriodMs);
String token = cf.encryptUrl(""+goodUntil.getTime());
request.setAttribute("token", token);



Then, we have a CryptoFilter which looks for a param to validate locally
with the same password and algorithm.  The result is the ""+timeLongMillis
of when the token is good until which I compare to now.

Any kind of String data can be encrypted, we just use what I wrote as kind
of a key that's only good for so long to download reports from another
server with the CryptoFilter installed.

If anyone's interested in the source code (two classes and an exception
class), feel free to email me DIRECTLY.  US Export laws apply here ;-)

-Jacob

-----Original Message-----
From: Jim Theodoridis [mailto:struts@tera.gr] 
Sent: Wednesday, February 25, 2004 10:45 AM
To: Struts Users Mailing List
Subject: Re: Encode/Encrypt url parameters?

Maybe U can use javascript to set the value of parameters to hidden fields??




----- Original Message -----
From: "David Erickson" <derickson@cmcflex.com>
To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
Sent: Wednesday, February 25, 2004 3:32 AM
Subject: Re: Encode/Encrypt url parameters?


> Aye Encrypt is exactly what I'm needing to do.  Thanks!
> -David
>
> ----- Original Message -----
> From: "Dhaliwal, Pritpal (HQP)" <Pritpal.Dhaliwal@rhi.com>
> To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> Sent: Tuesday, February 24, 2004 6:04 PM
> Subject: RE: Encode/Encrypt url parameters?
>
>
> > I think you really mean encrypt.. Not just code and decode..
> >
> > Look at this: http://javaalmanac.com/egs/javax.crypto/DesFile.html
> >
> > URLDecoder is and URLEncoder is put put those %20 instead of space in
the
> > URL I think.. Doesn't really add any security to what is URLEncoded.
> >
> > I guess you can get the encrypted value.. URLEncode it.. Put it as a
> hidden
> > parameter.  Then decrypt it when you get back.. The little tutorial/code
I
> > linked should help you.
> >
> > Pritpal Dhaliwal
> >
> >
> > -----Original Message-----
> > From: Geeta Ramani [mailto:geeta.ramani@cmpco.com]
> > Sent: Tuesday, February 24, 2004 4:42 PM
> > To: Struts Users Mailing List
> > Subject: Re: Encode/Encrypt url parameters?
> >
> >
> > David:
> >
> > It's been a real long day and my brain's fuzzing over.. but I'm assuming
> you
> > know all about java.net.URLDecoder and java.net.URLEncoder..? geeta
> >
> > David Erickson wrote:
> >
> > > Hi I was wondering if there are any easy to use Java classes or
> > > otherwise that could be used to encrypt or encode url parameters?
> > > Basically what I want to do is this:
> > >
> > > Action (encodes the url parameters, puts them into the request object)
> > > -> forwards to jsp containing a link that grabs those parameters from
> > > the request -> click link takes you to an Action that decodes and uses
> > > them.
> > >
> > > The parameters are to files on our site.. its no big deal because they
> > > are in the web-inf directory and unaccessable from the web but I'd
> > > rather hide them from the surfers anyway.  Is there any good way to do
> > > this?
> > >
> > > Thanks,
> > > David
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message