0

From my web application I am doing a redirect to an external URL which has some credentials as a part of the URL string. I would like to encode the credential part alone before redirection. I have the following URL:

String url1 = "http://servername:7778/reports/rwservlet?server=server1&ORACLE_SHUTDOWN=YES&PARAMFORM=no&report=test.rdf&desformat=pdf&desname=test.pdf&destype=cache&param1=56738&faces-redirect=true&";

I am encoding it as:

String URL = "userid=username/passwd@DBname";
String encodedURL = URLEncoder.encode(URL, "UTF-8");
String redirectURL = url1 + encodedURL;

The URL generated by this code is

http://servername:7778/reports/rwservlet?server=server1&ORACLE_SHUTDOWN=YES&PARAMFORM=no&report=test.rdf&desformat=pdf&desname=test.pdf&destype=cache&param1=56738&faces-redirect=true&userid=%3Dusername%2Fpasswd%40DBname

As we can see towards the end of the encoded URL, only the special characters like / have been encoded. i.e. userid=username/passwd@DBname has become userid=%3Dusername%2Fpasswd%40DBname

I want to generate a URL which will have the entire string "username/passwd@DBname" encoded. Something like:

userid=%61%62

How can I achieve this?

2
  • This makes no sense. Are you aware that this is still decodable without any effort by a wishful enduser? Are you sure that you aren't confusing encoding with encrypting? Commented Jul 17, 2013 at 23:39
  • I just wanted to not display the URL directly. I know that this can have a potential security vulnerability but my application requires this. I am ok with the fact that it can be decodable. Thanks for the help. Commented Jul 18, 2013 at 14:31

1 Answer

1

So in fact you want the URL to become somewhat unreadable, without the need for decoding. Decoding would be needed for a Base64 encoding (with replacing / and -).

Yes, you may abuse the URL encoding.

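import java.nio.charset.StandardCharsets;

// Percent-encodes every byte of s, including letters and digits.
String encodeURL(String s) {
    // StandardCharsets.UTF_8 avoids the checked UnsupportedEncodingException of getBytes("UTF-8")
    byte[] bytes = s.getBytes(StandardCharsets.UTF_8);
    StringBuilder sb = new StringBuilder();
    for (byte b : bytes) {
        // Mask to 0..255 so negative byte values still format as two hex digits
        String hex = String.format("%%%02X", b & 0xFF);
        sb.append(hex);
    }
    return sb.toString();
}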

%% being the percentage sign itself, and %02X hex, 2 digits, zero-filled, capitals.

Mind that some browsers will display such links decoded, on mouse-over. But you are just redirecting.
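An added example, not part of the original answer: a review helper that URL-decodes each query parameter and reports those whose value looks like a database connect string, showing that the fully percent-encoded form is recovered by ordinary decoding in any proxy or access-log review. The class name, method name and the user/password@database pattern are assumptions made for this illustration; the sample URL is constructed from the question's placeholder values.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class UrlCredentialCheck {
    // Assumed shape of the credential value in the question: user/password@database
    private static final Pattern CONNECT_STRING = Pattern.compile("[^/@]+/[^@]+@.+");

    /** Returns the names of query parameters whose decoded value looks like user/password@database. */
    static List<String> findCredentialParams(String url) throws Exception {
        List<String> hits = new ArrayList<>();
        String rawQuery = URI.create(url).getRawQuery();
        if (rawQuery == null) {
            return hits;
        }
        for (String pair : rawQuery.split("&")) {
            if (pair.isEmpty()) {
                continue; // tolerate a trailing or doubled '&'
            }
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            // Decoding undoes both normal and "every byte" percent-encoding
            String decoded = URLDecoder.decode(value, "UTF-8");
            if (CONNECT_STRING.matcher(decoded).matches()) {
                hits.add(URLDecoder.decode(name, "UTF-8"));
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the question's placeholder credential, every byte percent-encoded
        StringBuilder enc = new StringBuilder();
        for (byte b : "username/passwd@DBname".getBytes(StandardCharsets.UTF_8)) {
            enc.append(String.format("%%%02X", b & 0xFF));
        }
        String url = "http://servername:7778/reports/rwservlet?server=server1"
                + "&report=test.rdf&userid=" + enc;
        System.out.println(url);
        System.out.println("credential-bearing parameters: " + findCredentialParams(url));
    }
}
```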
