>> is logging out to the login screen, so I have to give links like >> >> http://localhost:8080/UNOT/User/ViewProfile.action?id=1&passwd > =643def90&app_login=Login >> >> So, is there any way to encrypt the url? > > Bad idea. But yes, and it is not a struts issue. So I will ask why can't you > use > a session?
I would like to second that this is a bad idea. You should sha/md5 your password before sending it. This of course is client side and you could do that with javascript. You could use this: http://www.bichlmeier.info/sha256.html Anyway, people might be able to snif this encrypted password and use the encrypted version to login. The only benefit is they do not own the clear password, which might be used for other apps as email. Therefore you should go to https:// > > >> >> -- >> View this message in context: >> http://struts.1045723.n5.nabble.com/How-to-encrypt-the-url-tp4 > 644406p4644406.html >> Sent from the Struts - User mailing list archive at Nabble.com. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> > > > > > -- > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > - - > - Jason Pyeron PD Inc. http://www.pdinc.us - > - Principal Consultant 10 West 24th Street #100 - > - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - > - - > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > This message is copyright PD Inc, subject to license 20080407P00. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > -- http://www.grobmeier.de --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
