Disguising/encrypting a querystring variable

Discussion in 'ASP .Net' started by D. Shane Fowlkes, Dec 3, 2004.

  1. I'm trying to come up with a simple approach to disguise or encrypt a
    querystring variable . The variable is a record ID. To my surprise, I'm
    not having much luck finding a solution. I've been to www.asp.net and
    googled some and wasn't able to come up with a simple and realistic
    solution.

    I have a master page that lists records and then a details page pulls
    detailed data from tables in the database. The page needs details page must
    have a QS variable passed to it like "details.aspx?id=100". The master page
    is populated based upon who is viewing it so therefore, not everyone will
    see the same list. What I'm trying to prevent is having someone simply
    replace the variable in the querystring with another one and view someone
    else's detailed data.

    I simply want to disguise the variable on the sending page to anything like
    "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
    read it on the receiving page. Make sense?

    It's there a fairly simple and effective solution to doing this? Anything
    that I've found out there just seemed to involve tons of custom class
    writing (beyond me) and a lot of overkill. It doesn't need to be super
    secure.....just disguised.

    TIA
     
    D. Shane Fowlkes, Dec 3, 2004
    #1
    1. Advertising

  2. There's a great article with code written that can help handle this. Check
    out:
    http://www.dotnetjunkies.com/HowTo/99201486-ACFD-4607-A0CC-99E75836DC72.dcik

    I've found it works veyr nicely.

    Hope this helps,
    Mark Fitzpatrick
    Microsoft MVP - FrontPage

    "D. Shane Fowlkes" <> wrote in message
    news:%...
    > I'm trying to come up with a simple approach to disguise or encrypt a
    > querystring variable . The variable is a record ID. To my surprise, I'm
    > not having much luck finding a solution. I've been to www.asp.net and
    > googled some and wasn't able to come up with a simple and realistic
    > solution.
    >
    > I have a master page that lists records and then a details page pulls
    > detailed data from tables in the database. The page needs details page
    > must
    > have a QS variable passed to it like "details.aspx?id=100". The master
    > page
    > is populated based upon who is viewing it so therefore, not everyone will
    > see the same list. What I'm trying to prevent is having someone simply
    > replace the variable in the querystring with another one and view someone
    > else's detailed data.
    >
    > I simply want to disguise the variable on the sending page to anything
    > like
    > "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
    > read it on the receiving page. Make sense?
    >
    > It's there a fairly simple and effective solution to doing this? Anything
    > that I've found out there just seemed to involve tons of custom class
    > writing (beyond me) and a lot of overkill. It doesn't need to be super
    > secure.....just disguised.
    >
    > TIA
    >
    >
    >
    >
     
    Mark Fitzpatrick, Dec 3, 2004
    #2
    1. Advertising

  3. D. Shane Fowlkes

    Random Guest

    Why don't you create a couple of global functions for your application
    (doesn't need to involve a custom class or anything) that you call to
    encrypt and decrypt the ID as needed? You'd decide on and implement your
    encryption scheme within these functions.

    Another way, albeit a little more complicated, would be to hash the ID value
    and store it as a secondary key within the database.


    "D. Shane Fowlkes" <> wrote in message
    news:%...
    > I'm trying to come up with a simple approach to disguise or encrypt a
    > querystring variable . The variable is a record ID. To my surprise, I'm
    > not having much luck finding a solution. I've been to www.asp.net and
    > googled some and wasn't able to come up with a simple and realistic
    > solution.
    >
    > I have a master page that lists records and then a details page pulls
    > detailed data from tables in the database. The page needs details page
    > must
    > have a QS variable passed to it like "details.aspx?id=100". The master
    > page
    > is populated based upon who is viewing it so therefore, not everyone will
    > see the same list. What I'm trying to prevent is having someone simply
    > replace the variable in the querystring with another one and view someone
    > else's detailed data.
    >
    > I simply want to disguise the variable on the sending page to anything
    > like
    > "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
    > read it on the receiving page. Make sense?
    >
    > It's there a fairly simple and effective solution to doing this? Anything
    > that I've found out there just seemed to involve tons of custom class
    > writing (beyond me) and a lot of overkill. It doesn't need to be super
    > secure.....just disguised.
    >
    > TIA
    >
    >
    >
    >
     
    Random, Dec 3, 2004
    #3
  4. D. Shane Fowlkes

    Hans Kesting Guest

    D. Shane Fowlkes wrote:
    > I'm trying to come up with a simple approach to disguise or encrypt a
    > querystring variable . The variable is a record ID. To my surprise,
    > I'm not having much luck finding a solution. I've been to
    > www.asp.net and googled some and wasn't able to come up with a simple
    > and realistic solution.
    >
    > I have a master page that lists records and then a details page pulls
    > detailed data from tables in the database. The page needs details
    > page must have a QS variable passed to it like "details.aspx?id=100".
    > The master page is populated based upon who is viewing it so
    > therefore, not everyone will see the same list. What I'm trying to
    > prevent is having someone simply replace the variable in the
    > querystring with another one and view someone else's detailed data.
    >
    > I simply want to disguise the variable on the sending page to
    > anything like "details.aspx?id=ahiyne090793097hjkd" and then be able
    > to "uncode" it or read it on the receiving page. Make sense?
    >
    > It's there a fairly simple and effective solution to doing this?
    > Anything that I've found out there just seemed to involve tons of
    > custom class writing (beyond me) and a lot of overkill. It doesn't
    > need to be super secure.....just disguised.
    >
    > TIA


    You could try to use a guid (uniqueidentifier in sqlserver) instead of
    an autonumber id. Then the "hackers" can't just "add 1" and hope
    to get a real id.

    Hans Kesting
     
    Hans Kesting, Dec 3, 2004
    #4
  5. Great. Thanks! Is this in C#? I'm used to VB.NET so the syntax looks a
    little off to me. I'll do my best to convert it and try it out. I may be
    back on Monday for more help. =)



    "Mark Fitzpatrick" <> wrote in message
    news:%...
    > There's a great article with code written that can help handle this. Check
    > out:
    >

    http://www.dotnetjunkies.com/HowTo/99201486-ACFD-4607-A0CC-99E75836DC72.dcik
    >
    > I've found it works veyr nicely.
    >
    > Hope this helps,
    > Mark Fitzpatrick
    > Microsoft MVP - FrontPage
    >
    > "D. Shane Fowlkes" <> wrote in message
    > news:%...
    > > I'm trying to come up with a simple approach to disguise or encrypt a
    > > querystring variable . The variable is a record ID. To my surprise,

    I'm
    > > not having much luck finding a solution. I've been to www.asp.net and
    > > googled some and wasn't able to come up with a simple and realistic
    > > solution.
    > >
    > > I have a master page that lists records and then a details page pulls
    > > detailed data from tables in the database. The page needs details page
    > > must
    > > have a QS variable passed to it like "details.aspx?id=100". The master
    > > page
    > > is populated based upon who is viewing it so therefore, not everyone

    will
    > > see the same list. What I'm trying to prevent is having someone simply
    > > replace the variable in the querystring with another one and view

    someone
    > > else's detailed data.
    > >
    > > I simply want to disguise the variable on the sending page to anything
    > > like
    > > "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
    > > read it on the receiving page. Make sense?
    > >
    > > It's there a fairly simple and effective solution to doing this?

    Anything
    > > that I've found out there just seemed to involve tons of custom class
    > > writing (beyond me) and a lot of overkill. It doesn't need to be super
    > > secure.....just disguised.
    > >
    > > TIA
    > >
    > >
    > >
    > >

    >
    >
     
    D. Shane Fowlkes, Dec 3, 2004
    #5
  6. D. Shane Fowlkes

    Joe Fallon Guest

    Why not forget about using a QS?
    Just create a session variable on Page1 and pull it out on Page2.
    --
    Joe Fallon



    "D. Shane Fowlkes" <> wrote in message
    news:%...
    > I'm trying to come up with a simple approach to disguise or encrypt a
    > querystring variable . The variable is a record ID. To my surprise, I'm
    > not having much luck finding a solution. I've been to www.asp.net and
    > googled some and wasn't able to come up with a simple and realistic
    > solution.
    >
    > I have a master page that lists records and then a details page pulls
    > detailed data from tables in the database. The page needs details page
    > must
    > have a QS variable passed to it like "details.aspx?id=100". The master
    > page
    > is populated based upon who is viewing it so therefore, not everyone will
    > see the same list. What I'm trying to prevent is having someone simply
    > replace the variable in the querystring with another one and view someone
    > else's detailed data.
    >
    > I simply want to disguise the variable on the sending page to anything
    > like
    > "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
    > read it on the receiving page. Make sense?
    >
    > It's there a fairly simple and effective solution to doing this? Anything
    > that I've found out there just seemed to involve tons of custom class
    > writing (beyond me) and a lot of overkill. It doesn't need to be super
    > secure.....just disguised.
    >
    > TIA
    >
    >
    >
    >
     
    Joe Fallon, Dec 5, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marshall Dudley

    encrypting and decrypting with perl

    Marshall Dudley, Jan 27, 2005, in forum: Perl
    Replies:
    1
    Views:
    744
    Brian McCauley
    Jan 27, 2005
  2. Mehdi
    Replies:
    6
    Views:
    36,123
    sloan
    Apr 6, 2006
  3. Paul
    Replies:
    10
    Views:
    1,666
  4. Jeff

    encrypting querystring

    Jeff, Jan 13, 2009, in forum: ASP .Net
    Replies:
    4
    Views:
    1,508
  5. Adeel Ahmad
    Replies:
    1
    Views:
    518
    Anthony Jones
    Mar 7, 2006
Loading...

Share This Page