Solved

Hiding the Query String

Posted on 2004-08-26
17
1,188 Views
Last Modified: 2010-04-01
hi Experts,
              I have a JSP page that reads parameters out of the Query String.  i have some hyperlinks in my page with poing to the same page , each with its own set of Query parameters.. SO each time the Query Parameters are read and i display data based on the Query Parameters..I have 6-7 Parameters that gets displayed on the Query String..

My URL after 2-3 submits looks like this..

http://localhost/My JSP Project/My_JSP_Page.jsp?TableName=ALL_GLOBAL_USERS&REQUESTED_Field=Assignments&OrderBy=EmployeeId etc etc..

Now it there a way by which i can Mask the URL and prevent it from displaying all the  query parameters ???

Thanx in Advance..

newBie Web Programmer.
0
Comment
Question by:FearFactor_x
  • 7
  • 4
  • 2
  • +3
17 Comments
 
LVL 2

Expert Comment

by:k41d3n
Comment Utility
what method are you using to submit?

if your variables are defined via from fields, and you are clicking a submit button, you should be able to define the <form> method as post, then your variables shouldn't show up.

0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
Use post method instead of get method for your form.
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
Sorry, k41d3n, I didn't see your comment.
0
 

Author Comment

by:FearFactor_x
Comment Utility
hi Experts,
              I am not using any Forms Or submitting anything.. i am using HyperLInks inside my Page.. and the href attribute of the HyperLink has my page.jsp?<Query Parameters..> .. I populate the Query Parameters Dynamically i have around 20-30 Hyperlinks and when each one is clicked.. and when the page gets loaded i read the parameters off the Query String and then do what is necessary...  In such a case how do i mask the query parameters..??

NewBie Web Programmer

0
 
LVL 2

Expert Comment

by:k41d3n
Comment Utility
Do the hyperlinks lead to something? or is it more like making selections? In which case you could change them to check boxes and a submit button. Barring that, links use the get method, you might be able to use a javascript function to switch the method to post on click, but that's sketchy.

0
 
LVL 19

Accepted Solution

by:
ramazanyich earned 50 total points
Comment Utility
In that case create a form with hidden parameter named 'query' and on href of link call javascript function which will first set value for query and call submit() to the form. On form use method="POST". On your JSP page get parameter 'query' using call:
String query=request.getParameter("query");
and parse that STring as you did previously.

Example:
<html>
<script language="JavaScript">
function ss(String param){
document.test.query.value=param;
document.test.submit();
}
</script>
<body>
<a href="javascript:ss('param=value&...')> Click me</a>
<form name="test" method="POST" action="">
<input type="hidden" name="query" value=""/>
</form>
</body>
</html>
0
 
LVL 2

Expert Comment

by:k41d3n
Comment Utility
Something like:

<a href="page.jsp?q=1&b=3" onClick="javascript:document.links.method=\"get\"">Text</a>

That isn't tested and most likey will not work ;)
0
 

Author Comment

by:FearFactor_x
Comment Utility
hi k41d3n,
              The links that i use are numbers which get populated at runtime.. Here is a snapshot of my code

<%

 hrefText="MyPage.sjp?TableName="+TableNametoQuery+"&UserID+"?REQUESTED_Field=" +RequestedField+"&ORDER_BY="+OrderByColumnName;
OptionSelect=// I assign some value to this.... that

%>

and

 <td height="50%"><span class="style31 style6"><a href="<%=hrefText%>"><%=OptionSelect%> < /a></span></td>


So this being the secnario.. how do i mask my Query String parameters..
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 2

Expert Comment

by:k41d3n
Comment Utility
You can try ramazanyich's idea, or you can make your options in a form. Like a drop down box or a list of checkboxes that are part of a form with the method of post.

You are going to have to incorporate it into a form either way to mask the URL params.

0
 
LVL 19

Expert Comment

by:ramazanyich
Comment Utility
As I suggested you code will not change a lot.
it will be following changes:
<td height="50%"><span class="style31 style6"><a href="javascript:ss('<%=hrefText%>'"><%=OptionSelect%> < /a></span></td>
0
 
LVL 2

Expert Comment

by:k41d3n
Comment Utility
You couls also set the variable into the session using a token:

<%
String OptionSelect = "Text";
String queryString = "MyPage.sjp?TableName="+TableNametoQuery+"&UserID+"?REQUESTED_Field=" +RequestedField+"&ORDER_BY="+OrderByColumnName+";  
String key = new Random().nextLong();  
session.setAttribute( key, queryString );
%>

<a href="<%= key %>"><%= text %>
0
 
LVL 2

Expert Comment

by:k41d3n
Comment Utility
don't forget to import java.util.Random;
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
>how do i mask my Query String parameters..  
Just don't send them. Just send OptionSelect.
<a href="<%=OptionSelect>"><%=OptionSelect%>
In your JSP use something like  
if(OptionSelect==1){use correct query string}
if(OptionSelect==2){use different query string}
if(OptionSelect==3){use third query string}
or if OptionSelect is a String
if("one".equals(OptionSelect)){use first query string}
if("two".equals(OptionSelect)){use second one}
rrz
0
 
LVL 2

Expert Comment

by:k41d3n
Comment Utility
Yeah, I was wrong.

You can store the query string in the session with a random long, but when you pull it out and pring it out so that the string looks like the random then the URL tries to go to the random not the value of the random as set in the session.

I got nothin.
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
><a href="<%=OptionSelect>"><%=OptionSelect%>
I was wrong.
I meant to post  
<a href="MyPage.sjp?opt=<%=OptionSelect>"><%=OptionSelect%>
and then use
String option = request.getParameter("opt");
if(option==null)option = "one";
if("one".equals(option)){use first query string}
if("two".equals(option)){use second one}
if("third".equals(option)){use third one}  
rrz

0
 
LVL 1

Expert Comment

by:matthew_york
Comment Utility
How about something along these lines:

<% for (int i = 0; i < 10; i++) { %>
   <FORM name="form<%= i %>" method="post" action="this.jsp">
      <-- Values to be hidden -->
      <INPUT type="hidden" name="param" value="<%=i %>">
      <A onclick="document.form<%= i %>.submit()">Update Screen</A>
   </FORM>
<% } %>
0
 
LVL 1

Expert Comment

by:Lucky48390
Comment Utility
Hey Fear Factor. While some might oppose the use of frames, the very simplest way to conceal when the request comes from a hyperlink is to use one.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now