What is the best way to pass sensitive data while using a URL redirect?
Question
I am looking at a web application that redirects a user to a different site based on a user selection. Following is the scenario
- The user logs in to a web portal (IBM WebSphere portal)
- Then user makes a selection, the user is redirected to a JSP page on a different web portal (running WebSphere). But right now no other data is passed to the JSP.
I would like to pass some sensitive data (the user id in this case) to the redirected page. I can do the following:
However I am uneasy about passing the data as a query string. Would using https instead of http help? What are my options?
1 answers
solution1
0 2015-02-01 05:06:50
We have encountered a similar scenario and we encrypted the entire query string in request. We introduced a filter component which will then decrypt it and pass it on to the handler, on a very high level. You can use https or Post, but nothing is safe from intrusion untill you take a good care.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.