Solved

Hiding the Query String

Posted on 2004-08-26
17
1,217 Views
Last Modified: 2010-04-01
hi Experts,
              I have a JSP page that reads parameters out of the Query String.  i have some hyperlinks in my page with poing to the same page , each with its own set of Query parameters.. SO each time the Query Parameters are read and i display data based on the Query Parameters..I have 6-7 Parameters that gets displayed on the Query String..

My URL after 2-3 submits looks like this..

http://localhost/My JSP Project/My_JSP_Page.jsp?TableName=ALL_GLOBAL_USERS&REQUESTED_Field=Assignments&OrderBy=EmployeeId etc etc..

Now it there a way by which i can Mask the URL and prevent it from displaying all the  query parameters ???

Thanx in Advance..

newBie Web Programmer.
0
Comment
Question by:FearFactor_x
  • 7
  • 4
  • 2
  • +3
17 Comments
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903261
what method are you using to submit?

if your variables are defined via from fields, and you are clicking a submit button, you should be able to define the <form> method as post, then your variables shouldn't show up.

0
 
LVL 27

Expert Comment

by:rrz
ID: 11903266
Use post method instead of get method for your form.
0
 
LVL 27

Expert Comment

by:rrz
ID: 11903285
Sorry, k41d3n, I didn't see your comment.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:FearFactor_x
ID: 11903360
hi Experts,
              I am not using any Forms Or submitting anything.. i am using HyperLInks inside my Page.. and the href attribute of the HyperLink has my page.jsp?<Query Parameters..> .. I populate the Query Parameters Dynamically i have around 20-30 Hyperlinks and when each one is clicked.. and when the page gets loaded i read the parameters off the Query String and then do what is necessary...  In such a case how do i mask the query parameters..??

NewBie Web Programmer

0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903406
Do the hyperlinks lead to something? or is it more like making selections? In which case you could change them to check boxes and a submit button. Barring that, links use the get method, you might be able to use a javascript function to switch the method to post on click, but that's sketchy.

0
 
LVL 19

Accepted Solution

by:
ramazanyich earned 50 total points
ID: 11903462
In that case create a form with hidden parameter named 'query' and on href of link call javascript function which will first set value for query and call submit() to the form. On form use method="POST". On your JSP page get parameter 'query' using call:
String query=request.getParameter("query");
and parse that STring as you did previously.

Example:
<html>
<script language="JavaScript">
function ss(String param){
document.test.query.value=param;
document.test.submit();
}
</script>
<body>
<a href="javascript:ss('param=value&...')> Click me</a>
<form name="test" method="POST" action="">
<input type="hidden" name="query" value=""/>
</form>
</body>
</html>
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903492
Something like:

<a href="page.jsp?q=1&b=3" onClick="javascript:document.links.method=\"get\"">Text</a>

That isn't tested and most likey will not work ;)
0
 

Author Comment

by:FearFactor_x
ID: 11903496
hi k41d3n,
              The links that i use are numbers which get populated at runtime.. Here is a snapshot of my code

<%

 hrefText="MyPage.sjp?TableName="+TableNametoQuery+"&UserID+"?REQUESTED_Field=" +RequestedField+"&ORDER_BY="+OrderByColumnName;
OptionSelect=// I assign some value to this.... that

%>

and

 <td height="50%"><span class="style31 style6"><a href="<%=hrefText%>"><%=OptionSelect%> < /a></span></td>


So this being the secnario.. how do i mask my Query String parameters..
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903582
You can try ramazanyich's idea, or you can make your options in a form. Like a drop down box or a list of checkboxes that are part of a form with the method of post.

You are going to have to incorporate it into a form either way to mask the URL params.

0
 
LVL 19

Expert Comment

by:ramazanyich
ID: 11903591
As I suggested you code will not change a lot.
it will be following changes:
<td height="50%"><span class="style31 style6"><a href="javascript:ss('<%=hrefText%>'"><%=OptionSelect%> < /a></span></td>
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903698
You couls also set the variable into the session using a token:

<%
String OptionSelect = "Text";
String queryString = "MyPage.sjp?TableName="+TableNametoQuery+"&UserID+"?REQUESTED_Field=" +RequestedField+"&ORDER_BY="+OrderByColumnName+";  
String key = new Random().nextLong();  
session.setAttribute( key, queryString );
%>

<a href="<%= key %>"><%= text %>
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903739
don't forget to import java.util.Random;
0
 
LVL 27

Expert Comment

by:rrz
ID: 11903836
>how do i mask my Query String parameters..  
Just don't send them. Just send OptionSelect.
<a href="<%=OptionSelect>"><%=OptionSelect%>
In your JSP use something like  
if(OptionSelect==1){use correct query string}
if(OptionSelect==2){use different query string}
if(OptionSelect==3){use third query string}
or if OptionSelect is a String
if("one".equals(OptionSelect)){use first query string}
if("two".equals(OptionSelect)){use second one}
rrz
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11904434
Yeah, I was wrong.

You can store the query string in the session with a random long, but when you pull it out and pring it out so that the string looks like the random then the URL tries to go to the random not the value of the random as set in the session.

I got nothin.
0
 
LVL 27

Expert Comment

by:rrz
ID: 11904760
><a href="<%=OptionSelect>"><%=OptionSelect%>
I was wrong.
I meant to post  
<a href="MyPage.sjp?opt=<%=OptionSelect>"><%=OptionSelect%>
and then use
String option = request.getParameter("opt");
if(option==null)option = "one";
if("one".equals(option)){use first query string}
if("two".equals(option)){use second one}
if("third".equals(option)){use third one}  
rrz

0
 
LVL 1

Expert Comment

by:matthew_york
ID: 11913313
How about something along these lines:

<% for (int i = 0; i < 10; i++) { %>
   <FORM name="form<%= i %>" method="post" action="this.jsp">
      <-- Values to be hidden -->
      <INPUT type="hidden" name="param" value="<%=i %>">
      <A onclick="document.form<%= i %>.submit()">Update Screen</A>
   </FORM>
<% } %>
0
 
LVL 1

Expert Comment

by:Lucky48390
ID: 11918910
Hey Fear Factor. While some might oppose the use of frames, the very simplest way to conceal when the request comes from a hyperlink is to use one.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
When it comes to protecting Oracle Database servers and systems, there are a ton of myths out there. Here are the most common.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question