473,714 Members | 3,461 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Hide or encode URL

I want to send emails that would include a link to an asp page. The link
would look like

http://10.0.0.10/ContactDetails.asp?ID=18484

How can I prevent someone from simply typing in a different number in the
URL that would load a different page. I'd prefer not to have to use a
password. Code samples would be most helpful.

thanks
Jul 19 '05 #1
7 9112
Server.URLEncod e(The_URL_to_en code)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
Terri <Te***@spamaway .com> wrote in message
news:c2******** **@reader2.nmix .net...
I want to send emails that would include a link to an asp page. The link
would look like

http://10.0.0.10/ContactDetails.asp?ID=18484

How can I prevent someone from simply typing in a different number in the
URL that would load a different page. I'd prefer not to have to use a
password. Code samples would be most helpful.

thanks

Jul 19 '05 #2
> http://10.0.0.10/ContactDetails.asp?ID=18484

How can I prevent someone from simply typing in a different number in the
URL that would load a different page. I'd prefer not to have to use a
password. Code samples would be most helpful.


By different number, I assume you mean the ID in the querystring. And, I'm
assuming once someone follows that link, they're redirected to another page?
If so, the only way I can think of to validate if it's the correct url is to
include some other identifier in the url also, and then match them up on the
destination page.

For example,

The url: http://10.0.0.10/ContactDetails.asp?ID=18484&PID=2

On ContactDetails. asp:

id = request.queryst ring("id")
page_id = request.queryst ring("pid")

response.redire ct("SomeOtherPa ge.asp?pid=" & page_id)

On SomeOtherPage.a sp:

page_id = 1

if cint(request.qu erysting("pid") <> page_id then
response.redire ct ("default.as p")
end if
Or, something like that.

Randy

Jul 19 '05 #3
"Terri" <Te***@spamaway .com> wrote in message
news:c2******** **@reader2.nmix .net...
I want to send emails that would include a link to an asp page. The link
would look like

http://10.0.0.10/ContactDetails.asp?ID=18484

How can I prevent someone from simply typing in a different number in the
URL that would load a different page. I'd prefer not to have to use a
password. Code samples would be most helpful.


Ideally, you should be encrypting the IDs that you pass around so the user
couldn't do something like that. Users should never see an unencrypted ID
value because it's a security risk. In other words, your ASP application
would get the ID from the database and encrypt it, then pass around the
encrypted value, and then decrypt it when it needed to make a call back to
the server with that value.

Regards,
Peter Foti
Jul 19 '05 #4
"Terri" wrote:

http://10.0.0.10/ContactDetails.asp?ID=18484

How can I prevent someone from simply typing in a different number
in the URL that would load a different page.


The other responses all seem to think you were asking how to hide the true
destination of the document, but I read it to mean you didn't want users to
be able to guess article IDs. Is that correct?

If so, then you probably should use IDs that are not sequential, and
furthermore seem random. One simple approach would be to use GUIDs. Your
URLs would end up looking something like this:

http://server/ContactDetails.asp?ID=...6-FECBB568B277

....which would map to article 18484 in the DB.

See this for pros and cons:
http://www.devx.com/dbzone/Article/10167

If GUIDs seem too large (they are 16 bytes), you can always generate random
numbers and check for uniqueness when creating your article IDs.
--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
Jul 19 '05 #5
Thanks for all your responses.

The ID refers to a contact so I don't want one contact to be able to type
in someone else's contact ID and modify someone else's data.

The encryption suggestion seems to be the most secure. I assume if I used
the URLEncode method that the encoded string could be reverse-engineered.
The guid method may also be secure enough for my needs.

I needed general ideas about how to accomplish this in order to prepare a
price estimate, so I think I have enough info for that. If I get the project
I'll have to examine one of these methods in more detail.

Thanks again.

"Dave Anderson" <GT**********@s pammotel.com> wrote in message
news:On******** ******@TK2MSFTN GP11.phx.gbl...
"Terri" wrote:

http://10.0.0.10/ContactDetails.asp?ID=18484

How can I prevent someone from simply typing in a different number
in the URL that would load a different page.
The other responses all seem to think you were asking how to hide the true
destination of the document, but I read it to mean you didn't want users

to be able to guess article IDs. Is that correct?

If so, then you probably should use IDs that are not sequential, and
furthermore seem random. One simple approach would be to use GUIDs. Your
URLs would end up looking something like this:

http://server/ContactDetails.asp?ID=...6-FECBB568B277
...which would map to article 18484 in the DB.

See this for pros and cons:
http://www.devx.com/dbzone/Article/10167

If GUIDs seem too large (they are 16 bytes), you can always generate random numbers and check for uniqueness when creating your article IDs.
--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use of this email address implies consent to these terms. Please do not contact me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

Jul 19 '05 #6
Encode and Encrypt are different...
You want Encrypt

--
Curt Christianson
Owner/Lead Developer, DF-Software
www.Darkfalz.com
"Terri" <Te***@spamaway .com> wrote in message
news:c2******** **@reader2.nmix .net...
Thanks for all your responses.

The ID refers to a contact so I don't want one contact to be able to type
in someone else's contact ID and modify someone else's data.

The encryption suggestion seems to be the most secure. I assume if I used
the URLEncode method that the encoded string could be reverse-engineered.
The guid method may also be secure enough for my needs.

I needed general ideas about how to accomplish this in order to prepare a
price estimate, so I think I have enough info for that. If I get the project I'll have to examine one of these methods in more detail.

Thanks again.

"Dave Anderson" <GT**********@s pammotel.com> wrote in message
news:On******** ******@TK2MSFTN GP11.phx.gbl...
"Terri" wrote:

http://10.0.0.10/ContactDetails.asp?ID=18484

How can I prevent someone from simply typing in a different number
in the URL that would load a different page.


The other responses all seem to think you were asking how to hide the true destination of the document, but I read it to mean you didn't want users

to
be able to guess article IDs. Is that correct?

If so, then you probably should use IDs that are not sequential, and
furthermore seem random. One simple approach would be to use GUIDs. Your
URLs would end up looking something like this:

http://server/ContactDetails.asp?ID=...6-FECBB568B277

...which would map to article 18484 in the DB.

See this for pros and cons:
http://www.devx.com/dbzone/Article/10167

If GUIDs seem too large (they are 16 bytes), you can always generate

random
numbers and check for uniqueness when creating your article IDs.
--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message.

Use
of this email address implies consent to these terms. Please do not

contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.


Jul 19 '05 #7
"Curt_C [MVP]" <software_AT_da rkfalz.com> wrote in message
news:Og******** ******@tk2msftn gp13.phx.gbl...
Encode and Encrypt are different...
You want Encrypt


Yeah, what he said. :)
Try reading this article. I think he includes some references to some ways
to encrypt the data (but you could also use something like ASPEncrypt if
your host provides it).
http://authors.aspalliance.com/nothi...l=nothingmn_10

Best,
Peter Foti
Jul 19 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
1982
by: Nick Ashton | last post by:
Hi Whilst browsing the MSDN on day, I am sure I saw an article on 'How to encode your ASP code within the asp page', but I can not find it again. Can anyone help me please. If I remember the article correctly, before putting the page on the server, you add special tags before and after any sensitive code. You then upload the page to any asp
3
9286
by: maflu | last post by:
Hello, I have a form on my website to send data to my email address with the usual line: <input type=hidden name="recipient" value="myname@myaddress.com"> What is the best way do you think to hide my email address so that spammer robots cannot harvest it? Should I use javascript (but how?) or Php? Thank you for your help Cheers Ted
1
1960
by: ok | last post by:
I think my last question was not clear, so people gave me the reverse answer. I want to put a string in an html file, and human eyes or robots will not be able to read it. For example I want to turn this one <a href="#" onclick="this.href='http://www.google.com'">click here</a> into <a href="#" onclick="this.href=' encoded of h encoded of t encoded of t
8
2421
by: Alex Nitulescu | last post by:
Hi. I have the following question - is it possible (I assume it is, but I have no idea how to do it) to HIDE the href text which automatically shows in the status bar of IE ? I have build a templated, data-bound custom control. Using it, I am showing a list of names from the Authors table, using hypertext links with the text set to the name of the person, such as: RINGER, PAUL RINGER, JANE each of the links pointing to a Details form,...
2
1698
by: bhavik | last post by:
hi i want to know how to hide the values in query string in ASP.net. here i want to send the values from one page to another page through query string with out explicitly visible the values in the query string. i want the solution with the response.redirect method. example : www.mysite.com/member.aspx?id=123&name=coco but i wan the link is www.mysite.com/member.aspx only. I dont want use Session, or cache.this will make heavy my...
4
2654
by: Laurahn | last post by:
How can i hide the real URL (i mean the Physical Application Path) of a web page on the IE? I don't know if it is related to "HtmlEncode"? Can someone give an example? Thanks. !!
1
2489
by: pawan123 | last post by:
Hi, I am using VB6 and SQL Server 2000. I want to design a logon form. In this form, how can I use a Password field to store in encrypted form in tbluser table and how can I compare password text in this table? Please tell me how I can use encode/decoder algorithm to secure password. User form coding is as follows :-
0
10771
Debadatta Mishra
by: Debadatta Mishra | last post by:
Introduction In this article I will provide you an approach to manipulate an image file. This article gives you an insight into some tricks in java so that you can conceal sensitive information inside an image, hide your complete image as text ,search for a particular image inside a directory, minimize the size of the image. However this is not a new concept, there is a concept called Steganography which enables to conceal your secret...
4
2863
by: rkyakkala | last post by:
Hi, In my webapplication i am opening new window by passing some parameters.i am passing password also as parameter.But i need to hide it or encode it. how can i do this.Following is my code: function getUrl(gsamName,deviceName,userName,passWord){ ...
0
8814
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8713
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9318
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9032
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7957
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6638
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5961
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4467
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4730
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.