Reputation: 1273
I have a URL that looks like this:
http://localhost:8001/jasperserver&reportUnit=somereport&username=cghan&password=somepasswrd
As you can see, the password is in clear sight, along with some other parameters.
What's the best way to secure this?
Upvotes: 1
Views: 1017
Reputation: 8969
Use SSL encryption, i.e. HTTPS. This makes it encrypted for everyone on the internet, but it is still readable in the address bar.
It is not recommended to send password parameters through the URL, e.g. HTTP POST. You should send the password as HTTP POST.
Upvotes: 2
Reputation: 24885
Set the method of the FORM (in HTML) to POST. That way attributes won't be shown in the URL (they can be retrieved exactly the same way).
Anyway, for anyone with a sniffer, it will make little difference. If it is really important, force the server to use only HTTPS.
Upvotes: 2
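What both answers recommend, as an added example that is not part of the original posts: the credentials move out of the query string into a form-encoded POST body, the request is refused unless it goes over HTTPS, and URLs are redacted before they reach a log. The host name, the sample password, the function names and the set of parameters treated as secret are assumptions, as is the server reading these parameters from a POST body.

```javascript
// Assumption: these query parameter names carry credentials.
const SENSITIVE = new Set(["username", "password"]);

// Constructed sample, modelled on the URL in the question.
const SAMPLE =
  "https://reports.example.test/jasperserver?reportUnit=somereport" +
  "&username=cghan&password=constructed-pw";

// Turn a GET-style URL into a POST request description: credentials go
// into the body, everything else stays in the query string.
function toPostRequest(rawUrl, { allowInsecureLocalhost = false } = {}) {
  const url = new URL(rawUrl);
  const isLocal = ["localhost", "127.0.0.1"].includes(url.hostname);
  // POST alone only hides the values from the address bar, history and
  // access logs; without TLS they are still readable on the wire.
  if (url.protocol !== "https:" && !(allowInsecureLocalhost && isLocal)) {
    throw new Error("refusing to send credentials over " + url.protocol);
  }
  const body = new URLSearchParams();
  for (const [name, value] of [...url.searchParams]) {
    if (SENSITIVE.has(name.toLowerCase())) {
      body.append(name, value);
      url.searchParams.delete(name);
    }
  }
  return {
    url: url.toString(),
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Mask credential values before a URL is written to a log or error report.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const name of [...url.searchParams.keys()]) {
    if (SENSITIVE.has(name.toLowerCase())) {
      url.searchParams.set(name, "REDACTED");
    }
  }
  return url.toString();
}
```

The object returned by `toPostRequest` can be passed to `fetch(req.url, req)`; in plain HTML the equivalent is a form with `method="post"` whose `action` is an `https://` URL.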