encrypt query string params in grails

I'm not depending on this as a primary layer of security or even one that I would be comfortable alone but it would be just another layer to obfuscate how things work.

I was wondering if there was something already built that would allow me to encrypt the query string params in grails? It would be easy enough to write something to do this but just looking for anything that might already be available.

something like...

<g:link controller="pony" action="ride" params="[thing:thingInstance.id.encrypt()]">Go</g:link>

user sees ..\pony\ride\MaybeSomeMD5EncodedStringHere instead of ..\pony\ride\1

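class PonyController {

    @Secured(['ROLE_AUTH_USER'])
    def ride = {
        // additional security checks handled by Spring Security Core
        // encrypt()/decrypt() are the hypothetical helpers this question asks about;
        // the encrypted value arrives as the "thing" request parameter
        def thing = Thing.get(params.thing.decrypt())
    }

}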


Your users should not be able to inflict harm by changing the request made. Your application should be doing its job securing every request based on permissions and roles, not just making sure you don't show the link /Users/delete/1 . That controller should actually check your permission to do that regardless.

Anyway, there aren't any plug ins that I'm aware of for obfuscating the URL, probably because it would be so easy to roll your own. Just edit your URLMappings:

http://www.grails.org/doc/latest/ref/Plug-ins/URL%20mappings.html

And do something like convert it into Base64, that will probably obfuscate it enough.

encoded = s.bytes.encodeBase64().toString()

Remember, this isn't a solid form of security, so if you need that and this is your plan of action, you're doing it wrong.

;)
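An added example, not part of the original answer and not Grails or plugin code: a plain Groovy script showing the Base64 obfuscation suggested above with strict decoding, next to the per-request permission check that has to stay in place. `IdObfuscator`, the `owners` map and the `ride` closure are hypothetical stand-ins, and the sample data is constructed.

```groovy
// Hypothetical helper, not part of Grails: obfuscates numeric ids for use in URLs.
class IdObfuscator {
    // URL-safe Base64 without padding, so the token fits in a path segment unescaped.
    static String encode(long id) {
        Base64.getUrlEncoder().withoutPadding()
              .encodeToString(Long.toString(id).getBytes('UTF-8'))
    }

    // Returns null for anything that is not exactly a token produced by encode().
    static Long decode(String token) {
        if (!token) return null
        try {
            String s = new String(Base64.getUrlDecoder().decode(token), 'UTF-8')
            if (!(s ==~ /[0-9]{1,18}/)) return null      // digits only, fits in a long
            Long id = Long.parseLong(s)
            return encode(id) == token ? id : null       // reject non-canonical encodings
        } catch (IllegalArgumentException ignored) {
            return null                                  // not valid Base64
        }
    }
}

// Constructed sample data: thing id -> owning username.
def owners = [1L: 'alice', 2L: 'bob']

// Stand-in for the controller action; returns the HTTP status it would send.
def ride = { String token, String currentUser ->
    Long id = IdObfuscator.decode(token)
    if (id == null || !owners.containsKey(id)) return 404
    // The permission check runs on every request and does not depend on the token.
    owners[id] == currentUser ? 200 : 403
}

assert IdObfuscator.encode(1L) == 'MQ'
assert IdObfuscator.decode('MQ') == 1L
assert IdObfuscator.decode('MQ==') == null            // padded variant is not canonical
assert ride('MQ', 'alice') == 200
assert ride(IdObfuscator.encode(2L), 'alice') == 403  // anyone can build a token; the check still denies
assert ride('not*base64', 'alice') == 404
```

Because the encoding has no key, any user can compute the token for any id, which is why the 403 path carries the actual protection.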
