Thomas Joseph wrote: > Sorry! The URL needs to be encrypted. The requirement is that the client > should not be able to see the URLs as plain text on the browser address bar. > I had to solve a similar problem once and I ended up creating an n-character string as a key to look up the "real" URL in a DB. So they'd visit my "decryptor" URL and pass in the key as a GET param:
www.foobar.com/baz?key=kei2fn5cml7e5ig3fh8dm or whatever. The baz page would get the real URL from the DB and forward them the results. This ended up causing a lot of problems. I dunk (past-tense of "dinked") around with encrypting (using JCE) individual parameters and a group of parameters, which worked better on that particular site because a command was also passed in (like... .../baz?do=928fhnjj3je893jnfa8 would unencrypt into ?command=del&id=101) and this worked quite a bit better, especially once I put the decrypt stuff into a base request handler (non-Struts site) and all was well. I guess that doesn't really answer your question, but maybe it'll spark some better ideas. When you figure it out, it might be nice to follow up to the list as I smell a general-purpose tool here. Maybe I'll dig out the work I did as well. Dave --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]