QueryCrypt
Home Page
Categories: Web frameworks
Author: Aveda Technology
Latest version: 1.0
Added 2005-10-05
Enables the encryption of URL parameters at the presentation layer of the web application. This secures your web application from a potential hacker manipulating the query request to gain access to sensitive data by altering parameters.
QueryCrypt works via a session listener, and API calls are provided to construct or deconstruct query parameters.
Features include:
- configurable with Servlet Init parameters on server startup.
- creates a unique set of private key(s) for each user-session and encrypt all user-session query data with that unique set of private key(s). One private key set per user-session.
- uses the user-session specific key set and the DESede (triple DES variant with three DES keys) to encrypt all query data.
- what the user sees in their URL is an unique MD5 message digest of the encrypted result. This further prevents hackers from guessing the user-session key set.
- ability to timeout query parameters to further enhance the security.
- customize the query name so that it masks the use of this product in your server architecture.
- Built in mechanism to prune stale or expired user-session data when session expires to maintain a small memory footprint.
Built for Java |