Gregg's .Net HowTooz

Friday, July 20, 2007

ASP.NET - Encrypt QueryString Variables

If your web app has pages that display database data, and those pages retrieve that data using a primary key passed in a querystring variable like this...
http://mywebserver/MyWebApp/GetItem.aspx?ID=12345
... then you have to consider the fact that a user could very easily change the ID, and retrieve some other data... data that they perhaps should not be looking at.

An easy way to get around this problem is to simply encrypt the ID before appending it to any generated URLs, and decrypt it in GetItem.aspx, so that your URLs now look like this...
http://mywebserver/MyWebApp/GetItem.aspx?ID=e158f349b
... making it very difficult to near impossible (or at least not obvious) for them to simply change a number and get some other data. Here's some code to get it done...

encrypted_querystring_variables.txt
