Thomas Joseph wrote:
> Sorry! The URL needs to be encrypted. The requirement is that the client 
> should not be able to see the URLs as plain text on the browser address bar.
>   
I had to solve a similar problem once and I ended up creating an
n-character string as a key to look up the "real" URL in a DB. So they'd
visit my "decryptor" URL and pass in the key as a GET param:

www.foobar.com/baz?key=kei2fn5cml7e5ig3fh8dm or whatever.

The baz page would get the real URL from the DB and forward them the
results.

This ended up causing a lot of problems.

I dunk (past-tense of "dinked") around with encrypting (using JCE)
individual parameters and a group of parameters, which worked better on
that particular site because a command was also passed in (like...
.../baz?do=928fhnjj3je893jnfa8 would unencrypt into ?command=del&id=101)
and this worked quite a bit better, especially once I put the decrypt
stuff into a base request handler (non-Struts site) and all was well.

I guess that doesn't really answer your question, but maybe it'll spark
some better ideas. When you figure it out, it might be nice to follow up
to the list as I smell a general-purpose tool here. Maybe I'll dig out
the work I did as well.

Dave



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to