the other john wrote:
> This application is a content manager for web development. It manages
> clients, developers, and administrators. Each has their own level of
> access. The problem comes in when querying the database. A developer
> or client could change the IDs in the querystrings to view projects
> not assigned to them. I've always used querystrings to pass the
> unique values to retrieve the appropriate data. I want to encrypt
> the query strings to avoid this problem.

OK. I think I understand. You want to obfuscate the record keys in lieu of
authentication and privilege checking. This is possible, but it is important
that you realize that obfuscation is not security.

If you are identifying each user, you might want to actually design your
application so it verifies user privileges with every round-trip. I do this
with MOST applications.

But I realize this is not always possible. Some of our apps allow anonymous
submissions (and tracking by the originator). For these, we need what you
are seeking -- obfuscated keys. And for many of these, we use GUIDs.

Now, you don't mention your database variety, but if it's SQL Server, you
might want to give consideration to GUIDs (SQL Server type:
UNIQUEIDENTIFIER). I find it straightforward to add them to existing tables,
and they are fairly tough to guess outright.

Say, for example, your project table has an identity column [ID], upon which
you JOIN other tables:

    SELECT P.*, H.*
    FROM Project P
    JOIN History H ON (H.ProjectID = P.ID)
    WHERE P.ID = 12345

Adding a GUID would barely change this query:

    SELECT P.*, H.*
    FROM Project P
    JOIN History H ON (H.ProjectID = P.ID)
    WHERE P.GUID = 'A4C187AD-92AC-478F-9AED-9B74AEB5CB60'

Notice that the GUID need only be part of the root (project) node. ID
becomes a "private property" of the project -- no user ever needs to know
it, but as an INT, it is far better suited for being part of a primary key
than a GUID is. More importantly, your existing relationships are not
changed by adding the GUID.

If this approach interests you, I can expand a little on the topic.

--
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
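
An added example, not part of the original post: it combines the GUID lookup from the reply with the per-request privilege check the reply recommends, so a guessed or leaked GUID still returns nothing for a user who is not assigned to the project. Assumptions: SQLite and uuid4 stand in for SQL Server and NEWID(); the Assignment table, the user names and all function names are hypothetical.

```python
import sqlite3
import uuid

def build_db():
    """Constructed sample data: two projects assigned to different users."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Project (ID INTEGER PRIMARY KEY, GUID TEXT NOT NULL UNIQUE, Name TEXT);
        CREATE TABLE History (ProjectID INTEGER REFERENCES Project(ID), Note TEXT);
        -- Hypothetical assignment table used for the privilege check.
        CREATE TABLE Assignment (ProjectID INTEGER REFERENCES Project(ID), UserName TEXT);
    """)
    guids = {}
    for pid, name, user in [(1, "Site redesign", "alice"), (2, "Intranet", "bob")]:
        guids[name] = str(uuid.uuid4()).upper()  # stands in for NEWID()
        db.execute("INSERT INTO Project VALUES (?, ?, ?)", (pid, guids[name], name))
        db.execute("INSERT INTO History VALUES (?, ?)", (pid, name + " created"))
        db.execute("INSERT INTO Assignment VALUES (?, ?)", (pid, user))
    return db, guids

def parse_guid(value):
    """Return the canonical upper-case GUID, or None if the value is malformed."""
    try:
        return str(uuid.UUID(value)).upper()
    except (ValueError, AttributeError, TypeError):
        return None

def history_for(db, user, guid_param):
    """Rows for one project, only if the GUID is valid AND the user is assigned."""
    guid = parse_guid(guid_param)
    if guid is None:
        return []  # reject integer IDs and other junk from the querystring
    # The integer ID is used only inside the JOINs; it never leaves the database.
    return db.execute(
        """SELECT P.Name, H.Note
           FROM Project P
           JOIN History H ON (H.ProjectID = P.ID)
           JOIN Assignment A ON (A.ProjectID = P.ID)
           WHERE P.GUID = ? AND A.UserName = ?""",
        (guid, user),
    ).fetchall()
```
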