473,406 Members | 2,451 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > scramble information in the querystring

Join Bytes to post your question to a community of 473,406 software developers and data experts.

Scramble Information in the QueryString

What are some options for scrambling information in the QueryString.

Consider this URL for example:
SomePage.aspx?userid=15

I don't care if there is something in the querystring - I'd just prefer that
it's not obvious that a variable named [userid] is getting passed, and that
it has a value of 15.

Nov 19 '05 #1
3 1972
You can use DPAPI to encrypt it when you issue the QS and then decrypt it
when it's sent back in. Dom has some wrappers for DPAPI:

http://www.leastprivilege.com/PermaL...8-6ff79a60e43f

-Brock
DevelopMentor
http://staff.develop.com/ballen
What are some options for scrambling information in the QueryString.

Consider this URL for example:
SomePage.aspx?userid=15
I don't care if there is something in the querystring - I'd just
prefer that it's not obvious that a variable named [userid] is getting
passed, and that it has a value of 15.


Nov 19 '05 #2
You can also use uniqueidentifier as fieldtype instead of int32.
http://msdn.microsoft.com/library/de...a-nop_4pt0.asp

Arjen

"Jeremy S" <A@B.COM> schreef in bericht
news:u%****************@TK2MSFTNGP12.phx.gbl...
What are some options for scrambling information in the QueryString.

Consider this URL for example:
SomePage.aspx?userid=15

I don't care if there is something in the querystring - I'd just prefer
that it's not obvious that a variable named [userid] is getting passed,
and that it has a value of 15.

Nov 19 '05 #3
Even if you do scramble (encrypt) the URL, it could still be modified in a
harmful way by the user either deliberately or accidentally. Perhaps you
could maintain the actual UserID in session state rather than passing it
around in the querystring. Also, there are methods to include a checksum
value in the query string.

"Jeremy S" <A@B.COM> wrote in message
news:u%****************@TK2MSFTNGP12.phx.gbl...
What are some options for scrambling information in the QueryString.

Consider this URL for example:
SomePage.aspx?userid=15

I don't care if there is something in the querystring - I'd just prefer that it's not obvious that a variable named [userid] is getting passed, and that it has a value of 15.

Nov 19 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
Scramble page source - how?
by: Klaus Ambrass | last post by:
Hi all, I write applications for my company's intraweb, and recently we've had some eager users trying to get at some data they shouldn't. The way they did it was to look at the pages input tags...
ASP / Active Server Pages
4
'scramble' string
by: Steve | last post by:
Hi, I am trying to do a very simple "encryption" of a text string in java script. For instance, if the user enters : steve, I want to just convert each character to its ASCII value and add 5...
Javascript
6
Storing Information From URL
by: Rob | last post by:
Hi, Can anyone point me in the direction of how to store information after the ? in the url in form fields. i.e. http://url/test.asp?User=Rob in Form Field UserName Many thanks,
ASP / Active Server Pages
2
information bet. aspnet pages
by: Raja Balaji R | last post by:
Hi, Is there is way to pass data from one page to another asp.net page without using for form posting, querystring, session and application variables. Thanks & Regards Raja Balaji R
ASP.NET
9
Need to pass information into a web page.
by: Paul | last post by:
What I am trying to do is as follows. I have a page with 3 links,that direct the user to 3 different pages when selected after login. So all link selections will first direct the user to a login...
ASP.NET
12
QueryString keys
by: Alex | last post by:
I have a question about determining if one QueryString keys exists. The idea is, if this key exists, than its presence is enough to indicate that its value is true. For example ... ...
ASP.NET
3
Best way to pass information between pages?
by: hugo.flores | last post by:
Hello all. I want to know what would be the best way to pass information between pages in ASP.NET? Querystring, seession variables, server transfer? If possible if anyone can list...
ASP.NET
3
Saving profile information for a specific user when not logged in
by: daokfella | last post by:
I want to be able to store profile information for a user when they sign up for an account...but BEFORE they can log in. Can this be done using any of the built-in profile methods? Here's my...
ASP.NET
3
HELP!! dynamic querystring, dynamic input fields
by: pingsheng | last post by:
Dear all, I have a form with dynamically created input fields. These fields go to next page for submitting into SQL database. The thing is all fields are the same but 4 fields. So each record...
ASP / Active Server Pages
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!