Encrypt URL querystring

I have a java batch program that emails links to users. For example http://mysite.com/getcoupon.jsp?coupon_id=1221.
I want to encrypt the part after query String (coupon_id=1221) so the user can't change the entry in the address box.

What would be the easiest way to do this and how would decrypt the query string in my JSP page.
LVL 5
apparitionAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KuldeepchaturvediCommented:
in short you dont want them to change the coupon_id and then then call the jsp again..
is that correct??
apparitionAuthor Commented:
That is correct
KuldeepchaturvediCommented:
this URL has got a working example of a encrypter Decrypter class... you can use these classes in your jsp to encrypt and decrypt the values..

http://www.javaalmanac.com/egs/javax.crypto/PassKey.html
let me know if you need any help doing this

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

bloodredsunCommented:
If you want to encrypt and decrypt the querystring (which is always a good idea) I suggest that you follow the example shown in javaalmanac.com http://www.javaalmanac.com/egs/javax.crypto/DesString.html on encyption and decryption with DES (a standard algorithm found in the JDK).

You would still need to name the parameter (such as "enc_query") so that it would be available to the other pages along the lines of this

-----------
<%
        SecretKey key = KeyGenerator.getInstance("DES").generateKey(); //see example
        DesEncrypter encrypter = new DesEncrypter(key);//see example
        String queryString = request.getQueryString() ;
        String encryptedQueryString = encrypter.encrypt( queryString );
%>
<a href="/nextPage.jsp?enc_query=<%= encryptedQueryString  %>" />Click here to go to the next page</a>


In nextPage.jsp, calling request.getParamter("enc_query") ; would return the encrypted parameter for decryption
KuldeepchaturvediCommented:
gotcha...!!!!:-)

How is London doing today..?? I heared some terrible news on TV this morning.. I hope you and your loved ones are doing okay....
KuldeepchaturvediCommented:
gotcha...!!!!:-)
I posted the same link 2 min before.....:-) ( HTMLAlert rocks)

How is London doing today..?? I heared some terrible news on TV this morning.. I hope you and your loved ones are doing okay....
KuldeepchaturvediCommented:
how come my post went twice??????
bloodredsunCommented:
We're all good thanks Kuldeep, although some have not been as lucky, but thanks for the thoughts :-)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.