-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sid,
Sid wrote: > Is there a way to hide/encrypt URL parameters using Struts? Struts does not handle this directly. You'll have to do it yourself or use an existing tool to protect these parameters. When I do this type of thing, I symmetrically encrypt the data and then pass the encrypted string as a GET parameter. In order to reduce the threat of replay attacks, I encrypt the expiration date and time of the data along with it and refuse to accept it on the other end if it has expired. There's a project out there called HDIV that is supposed to protect data like this. I don't know a thing about it except that someone posts updates to the project on this list occasionally. (http://www.hdiv.org) Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGRcXF9CaO5/Lv0PARAqRZAJ9uIj6yyZ7Y5+WJIhpwXdPYQ5HXvACgsImg XJMCHxSKee/rTQCJNOIL2L8= =Umki -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
