We’ve got user SSNs in JSPs that show in the source code of an HTML page as:
<a href="onclick:submitsomeform(123456789)"
In order to avoid this, I made a couple of methods called getEncryptedSSN() and getDecryptedSSN() which could be called from the JSP. These methods made use of javax.crypto to encrypt/decrypt the SSN string; however, this import is "disallowed" by the setup coding standards. So now I’m out of options on how to avoid showing the SSN in the view source of HTML. We cannot go the route of not passing the SSN in form submit because in the DB, the SSN field is the only primary field.
Are there any other ways to simply encrypt/decrypt a string in Java w/out using javax.crypto?
One obvious option is to just write your own encryption function. You probably aren’t going to write something as secure as the big-time security folks have come up with, but depending on the context, something simple might be adequate, i.e. something that would frustrate the casual snooper, and accept that if the CIA or Mossad or whoever is trying to crack your encryption, they’ll figure it out in minutes. I don’t know how big a target you are for hackers. If you’re working for a bank or the IRS or something where lots of people might well be trying to intercept your transactions and the consequences of interception are high, forget it, you want industrial-grade security. But if you’re working for Joe’s Pet Care Advice Swap Forum and there’s no particularly sensitive information involved other than the SSN itself, and there’s no great number of enemies out to get you, a home-grown solution might be adequate.
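An added example, not part of either post above: the goal stated in the question (keep the SSN out of the page source while still resolving the database key on submit) can also be met without any cipher, by rendering a random per-session token and mapping it back to the SSN on the server. The class name SsnTokenMap and its methods are hypothetical, and the sketch assumes java.security.SecureRandom is permitted by the coding standards that disallow javax.crypto.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (not from the original posts): keep one instance per user
// session, e.g. as an HttpSession attribute, so a token means nothing elsewhere.
public class SsnTokenMap {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, String> tokenToSsn = new ConcurrentHashMap<>();
    private final Map<String, String> ssnToToken = new ConcurrentHashMap<>();

    // Called while rendering the JSP: returns the opaque value to put in the page.
    public String tokenFor(String ssn) {
        return ssnToToken.computeIfAbsent(ssn, s -> {
            byte[] raw = new byte[16];              // 128 random bits, unrelated to the SSN
            RNG.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokenToSsn.put(token, s);
            return token;
        });
    }

    // Called by the form handler: maps the submitted token back to the SSN.
    // Returns null for an unknown token; the caller must reject that request.
    public String ssnFor(String token) {
        return token == null ? null : tokenToSsn.get(token);
    }

    public static void main(String[] args) {
        String ssn = "000-00-0000";                 // constructed sample value
        SsnTokenMap session = new SsnTokenMap();
        String token = session.tokenFor(ssn);
        System.out.println("rendered in page: submitsomeform('" + token + "')");
        System.out.println("stable on re-render: " + token.equals(session.tokenFor(ssn)));
        System.out.println("resolved server-side: " + ssn.equals(session.ssnFor(token)));
        System.out.println("forged token rejected: "
                + (session.ssnFor("AAAAAAAAAAAAAAAAAAAAAA") == null));
        System.out.println("other session rejected: "
                + (new SsnTokenMap().ssnFor(token) == null));
    }
}
```

Because the token is random rather than derived from the SSN, there is no key to protect and nothing in the page source to reverse; the mapping lives only as long as the session object does.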