I have a third-party application running on JBoss using servlets and JSPs. I do not have access to the source code.
Let's say one servlet runs like this: http://localhost/myApp/view.do?clientId=45&command=34
I want to obtain this: http://localhost/myApp/view.do?gf844gf4g8fg4f
After some Googling, I found this: http://www.avedatech.com/Products/QueryCrypt/index.jsp
But it does not fit my needs because I cannot tamper with the code.
My idea was to put one valve before any query starting with http://localhost/myApp (to encrypt the URL) and another one after (to decrypt).
Unfortunately, my application writes clear URLs, which is why I am trying to insert my process at the server level. As a result, any URLs appearing in the browser would be unreadable (JavaScript no longer being able to read the URL is not an issue).
Leads already covered :)
- We are already in HTTPS.
- Put a hash at the end of the URL, make sure that the computed hash is equal, and deny access if it does not match. That prevents tampering but not the user seeing the variables.
Is this feasible?
Thank you for your help.