Encryption of GET and POST request parameters

Asked

Viewed 602 times

1

I am beginner in java and I am studying java web, mainly servlets and JSP. And I need to develop a web application as a college job, focused on security. For this I would like to encrypt the URL’s parameters (in GET) and also the parameters passed in the header via POST. I would like to do this manually without using HTTPS.

But the question is how this architecture would work (calling class encryption/decryption every time you enter a page). Has anyone ever done anything like this? Would you have a hint?

java web-application security-guard cryptography

  • If you want to do this for learning purposes, there are several Javascript libraries that perform encryption, and with HTML5 there is even a native solution - Webcrypto - that offers several algorithms. In practice, however, the architecture would be complex and there are many boring details, too much to explain in an answer, to do right would require a book. HTTPS (HTTP over TLS/SSL) works because all these details have been well thought out and encryption works at the transport level, that is, everything that is transmitted, including the parameters of GET and POST, is already encrypted.

1 answer

3

You would use some asymmetric key algorithm, and with it you would encrypt the query string GET or the body of the POST request using the public key before sending it to the server (use javascript to do this). On the server you recover the original information by decrypting it with the private key.

However, I do not recommend you follow this line for your college work. What you’re trying is just a way to reinvent a square wheel. That is, a mediocre, home-made solution to a problem for which there is already a much superior, standardized and widely known solution.

  • Thank you so much for the answer! But is there any simple and existing way to encrypt the URL in GET? This existing standard, you refer to HTTPS ?

  • 2

    @Mehrune You can search around for the encryption function you prefer. Look for asymmetric key encryption in javascript. However, you will only be able to encrypt the query string of the URL, not the full URL, otherwise the browser would not understand this URL and could not use it. HTTPS already overcomes all these problems.

Browser other questions tagged java web-application security-guard cryptography

You are not signed in. Login or sign up in order to post.