How to hide an email address as a url parameter

I want to pas开发者_JAVA百科s an email address as a parameter in a URL string but hide it. The URL string is constructed in a Java routine and the jsp page receiving the request will pass the string to a server side java routine to decode it. Someone must have already written this code but I cannot find it - probably not asking the right question. Thanks. Fred

---

If you're including the email in the URL you cannot hide it, but you can encrypt it.

If encryption doesn't rock your world, and you simply want to obscure the email address, you could obfuscate it.

---

The other way to submit it with out it being so obvious would be to use POST to send the data to the jsp page rather than using Querystring.

---

Typically, users have a session with data stored on the server. The e-mail address would be stored in the session object, on the server. The client supplies its session ID in a cookie or in the URL. This way, you can pass information to the next page without putting it in the URL.

---

If you don't want to deal with this via a session, or you're passing this string between servers, you have two options. Either Hash the email, or Base64 encode it. If you're worried about anyone other than you ever (or the user) finding the actual email, don't use Base64. However, if that's not a concern, then base64 is the easiest and fastest way to include an email address the doesn't look like an email address.

If, however, you're worried about the information leaking in any way, use MD5 or SHA hashes of the email. To speed the lookup in the DB, you may want to pre-compute the hashed version of the email and store it in an additional column in the table.

I'd recommend SHA over MD5, though for this lightweight usage, I doubt the flaws in MD5 will affect you.

---

Use hiddden form fields.
<input type="hidden" ...>
Hidden form fields come into handy when you dont want them to be exposed when transferring from jsp page to servlet and then to a java bean.