Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Encrypting URL variables/query string 1

Status
Not open for further replies.

multiplex77

Programmer
Dec 25, 2001
302
SG
Hi,

I'm creating a database-driven ASP app and I was wondering if there is a way to Encrypt URL variables or query strings that I pass to my forms. Currently, I can't pass URL variables if the variables contain sensitive info. e.g.,


Is there any way to "encrypt" the querystring ("employee_no=1234") to prevent a user from directly accessing this data by just typing in the URL (with the querystring)?

So far I've had to work around this problem using Redirects, Session variables and Form variables. But it would really be easier if I could just encrypt the URL querystring.

Thanks for the wisdom offered!
 
I don't understand why you want to encrypt it . If you don't want people messing with the querystring, then don't use them, use a session.
www.vzio.com
ASP WEB DEVELOPMENT



 
onpnt pointed you into the right direction. However, have a look at


You can find a complete encryption scheme here

Using this encryption, you can transform a standard QueryString like:

/SomePage.asp?SL=ActiveServerPages&N1=4GuysFromRolla.com&N2=FreeURL.com


to utter goobledegook, something that the web surfer will have no idea what variables and values are being passed along through the QueryString:

/SomePage.asp?crypt=w%96%9Ei%7D%9D%AE%91%B7%ACf%86%C4%AC%CA%90%96c%A1%9D%8F%89%B2z%92U%87Z%95%CF%A6%A5i%BE%96%9C%91%B9%AA%A5%97d%BE%BF%95gwb%8C%93%B7%8A%88%A7%A2%94h%B8%A9%AA

Good luck

Njitter ---
It's never too late to do the Right thing
 
Thanks so much!!! This is exactly what I was looking for.

I tried it but can't seem to run the KeyGen.asp file - it takes forever and doesn't load anything. start.asp also doesn't work. I've already changed the key.txt path to my C:\Inetput\ Is that okay?

Can I get it to work without a key? Or just hardcode in a key? My app isn't *that* secure...

Thanks again!
 
multiplex,

just read the documentation..4guys also have a forum. Seek for help there...

Njitter ---
It's never too late to do the Right thing
 
I came across a good component today, that has a "heavy duty" encryption... they say on their page, it would take 3 million years to decrypt it..


Pretty easy to use:


<%
Set myencryptor = Server.CreateObject(&quot;Dynu.Encrypt&quot;)
REM the below line will put the encrypted value of &quot;This is something.&quot; into
REM variable encrypted.
encrypted = myencryptor.encrypt(&quot;This is something.&quot;, &quot;somepassword&quot;)

REM the below line will display the encrypted value.
Response.Write(encrypted & &quot;<BR>&quot;)

REM the below line will decrypt the value stored in encrypted and
REM put it in variable decrypted.
decrypted = myencryptor.decrypt(encrypted, &quot;somepassword&quot;)

REM the below line will display the decrypted value.
Response.Write(decrypted & &quot;<BR>&quot;)

Set myencryptor = nothing
%>
www.vzio.com
ASP WEB DEVELOPMENT
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top