Solved

Hiding the Query String

Posted on 2004-08-26
17
1,195 Views
Last Modified: 2010-04-01
hi Experts,
              I have a JSP page that reads parameters out of the Query String.  i have some hyperlinks in my page with poing to the same page , each with its own set of Query parameters.. SO each time the Query Parameters are read and i display data based on the Query Parameters..I have 6-7 Parameters that gets displayed on the Query String..

My URL after 2-3 submits looks like this..

http://localhost/My JSP Project/My_JSP_Page.jsp?TableName=ALL_GLOBAL_USERS&REQUESTED_Field=Assignments&OrderBy=EmployeeId etc etc..

Now it there a way by which i can Mask the URL and prevent it from displaying all the  query parameters ???

Thanx in Advance..

newBie Web Programmer.
0
Comment
Question by:FearFactor_x
  • 7
  • 4
  • 2
  • +3
17 Comments
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903261
what method are you using to submit?

if your variables are defined via from fields, and you are clicking a submit button, you should be able to define the <form> method as post, then your variables shouldn't show up.

0
 
LVL 27

Expert Comment

by:rrz
ID: 11903266
Use post method instead of get method for your form.
0
 
LVL 27

Expert Comment

by:rrz
ID: 11903285
Sorry, k41d3n, I didn't see your comment.
0
 

Author Comment

by:FearFactor_x
ID: 11903360
hi Experts,
              I am not using any Forms Or submitting anything.. i am using HyperLInks inside my Page.. and the href attribute of the HyperLink has my page.jsp?<Query Parameters..> .. I populate the Query Parameters Dynamically i have around 20-30 Hyperlinks and when each one is clicked.. and when the page gets loaded i read the parameters off the Query String and then do what is necessary...  In such a case how do i mask the query parameters..??

NewBie Web Programmer

0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903406
Do the hyperlinks lead to something? or is it more like making selections? In which case you could change them to check boxes and a submit button. Barring that, links use the get method, you might be able to use a javascript function to switch the method to post on click, but that's sketchy.

0
 
LVL 19

Accepted Solution

by:
ramazanyich earned 50 total points
ID: 11903462
In that case create a form with hidden parameter named 'query' and on href of link call javascript function which will first set value for query and call submit() to the form. On form use method="POST". On your JSP page get parameter 'query' using call:
String query=request.getParameter("query");
and parse that STring as you did previously.

Example:
<html>
<script language="JavaScript">
function ss(String param){
document.test.query.value=param;
document.test.submit();
}
</script>
<body>
<a href="javascript:ss('param=value&...')> Click me</a>
<form name="test" method="POST" action="">
<input type="hidden" name="query" value=""/>
</form>
</body>
</html>
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903492
Something like:

<a href="page.jsp?q=1&b=3" onClick="javascript:document.links.method=\"get\"">Text</a>

That isn't tested and most likey will not work ;)
0
 

Author Comment

by:FearFactor_x
ID: 11903496
hi k41d3n,
              The links that i use are numbers which get populated at runtime.. Here is a snapshot of my code

<%

 hrefText="MyPage.sjp?TableName="+TableNametoQuery+"&UserID+"?REQUESTED_Field=" +RequestedField+"&ORDER_BY="+OrderByColumnName;
OptionSelect=// I assign some value to this.... that

%>

and

 <td height="50%"><span class="style31 style6"><a href="<%=hrefText%>"><%=OptionSelect%> < /a></span></td>


So this being the secnario.. how do i mask my Query String parameters..
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 2

Expert Comment

by:k41d3n
ID: 11903582
You can try ramazanyich's idea, or you can make your options in a form. Like a drop down box or a list of checkboxes that are part of a form with the method of post.

You are going to have to incorporate it into a form either way to mask the URL params.

0
 
LVL 19

Expert Comment

by:ramazanyich
ID: 11903591
As I suggested you code will not change a lot.
it will be following changes:
<td height="50%"><span class="style31 style6"><a href="javascript:ss('<%=hrefText%>'"><%=OptionSelect%> < /a></span></td>
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903698
You couls also set the variable into the session using a token:

<%
String OptionSelect = "Text";
String queryString = "MyPage.sjp?TableName="+TableNametoQuery+"&UserID+"?REQUESTED_Field=" +RequestedField+"&ORDER_BY="+OrderByColumnName+";  
String key = new Random().nextLong();  
session.setAttribute( key, queryString );
%>

<a href="<%= key %>"><%= text %>
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11903739
don't forget to import java.util.Random;
0
 
LVL 27

Expert Comment

by:rrz
ID: 11903836
>how do i mask my Query String parameters..  
Just don't send them. Just send OptionSelect.
<a href="<%=OptionSelect>"><%=OptionSelect%>
In your JSP use something like  
if(OptionSelect==1){use correct query string}
if(OptionSelect==2){use different query string}
if(OptionSelect==3){use third query string}
or if OptionSelect is a String
if("one".equals(OptionSelect)){use first query string}
if("two".equals(OptionSelect)){use second one}
rrz
0
 
LVL 2

Expert Comment

by:k41d3n
ID: 11904434
Yeah, I was wrong.

You can store the query string in the session with a random long, but when you pull it out and pring it out so that the string looks like the random then the URL tries to go to the random not the value of the random as set in the session.

I got nothin.
0
 
LVL 27

Expert Comment

by:rrz
ID: 11904760
><a href="<%=OptionSelect>"><%=OptionSelect%>
I was wrong.
I meant to post  
<a href="MyPage.sjp?opt=<%=OptionSelect>"><%=OptionSelect%>
and then use
String option = request.getParameter("opt");
if(option==null)option = "one";
if("one".equals(option)){use first query string}
if("two".equals(option)){use second one}
if("third".equals(option)){use third one}  
rrz

0
 
LVL 1

Expert Comment

by:matthew_york
ID: 11913313
How about something along these lines:

<% for (int i = 0; i < 10; i++) { %>
   <FORM name="form<%= i %>" method="post" action="this.jsp">
      <-- Values to be hidden -->
      <INPUT type="hidden" name="param" value="<%=i %>">
      <A onclick="document.form<%= i %>.submit()">Update Screen</A>
   </FORM>
<% } %>
0
 
LVL 1

Expert Comment

by:Lucky48390
ID: 11918910
Hey Fear Factor. While some might oppose the use of frames, the very simplest way to conceal when the request comes from a hyperlink is to use one.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
maven scope 1 126
maven project import to eclipse problems 13 102
java beans and EJBs 5 185
spring JDBC Template example error 26 207
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Facing problems with you memory card? Cannot access your memory card? All stored data, images, videos are lost? If these are your questions...than this small article might help you out in retrieving your lost or inaccessible data.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now