Encrypted URL

Discussion in 'ASP General' started by Dave Navarro, Feb 18, 2008.

  1. Dave Navarro

    Dave Navarro Guest

    My boss wants to send an email to customers with a URL that allows them
    to download updates for our products.

    http://download.company.com?prod={encrypted_data}

    The encrypted data would contain the product ID, customer ID and a date
    stamp. Our code could decrypt the info, compare against a database and
    proceed based on various criteria.

    I haven't done anything with encryption, so I'm not sure where to begin
    on something like this. The important thing is that the encrypted value
    is not sequential, it needs some form of CRC or something to verify its
    integrity (to prevent people from writing a program that runs through
    sequential values trying to crack the site).

    Everyone on our site is written in classic ASP, so I'm looking for a
    classic ASP solution. Our host provider (godaddy -- not my choice, so
    please don't complain at me) does not allow us to install any third-
    party components, so unfortunately, that is not an option.

    Can anyone point me in the right direction?
     
    Dave Navarro, Feb 18, 2008
    #1
    1. Advertising

  2. "Dave Navarro" <> wrote in message
    news:...
    >
    > My boss wants to send an email to customers with a URL that allows them
    > to download updates for our products.
    >
    > http://download.company.com?prod={encrypted_data}
    >
    > The encrypted data would contain the product ID, customer ID and a date
    > stamp. Our code could decrypt the info, compare against a database and
    > proceed based on various criteria.
    >
    > I haven't done anything with encryption, so I'm not sure where to begin
    > on something like this. The important thing is that the encrypted value
    > is not sequential, it needs some form of CRC or something to verify its
    > integrity (to prevent people from writing a program that runs through
    > sequential values trying to crack the site).
    >
    > Everyone on our site is written in classic ASP, so I'm looking for a
    > classic ASP solution. Our host provider (godaddy -- not my choice, so
    > please don't complain at me) does not allow us to install any third-
    > party components, so unfortunately, that is not an option.
    >
    > Can anyone point me in the right direction?


    A more secure approach is not to place any data at all in any form on the
    URL.

    Instead place all the data you want to associate with the URL in a database
    table an use a GUID as key.

    The URL you place in the email need only reference the GUID. This is many
    advantages over encrypting the data. The amount of data the URL can
    represent can be large yet the URL will not be very big. Its simple and
    doesn't require all that mucking about with encryption algorithms. Its more
    secure since there is no way to decipher the URL and no way to spoof
    alternative data.


    --
    Anthony Jones - MVP ASP/ASP.NET
     
    Anthony Jones, Feb 19, 2008
    #2
    1. Advertising

  3. Dave Navarro

    Dave Navarro Guest

    In article <>,
    says...
    >
    > "Dave Navarro" <> wrote in message
    > news:...
    > >
    > > My boss wants to send an email to customers with a URL that allows them
    > > to download updates for our products.
    > >
    > > http://download.company.com?prod={encrypted_data}
    > >
    > > The encrypted data would contain the product ID, customer ID and a date
    > > stamp. Our code could decrypt the info, compare against a database and
    > > proceed based on various criteria.
    > >
    > > I haven't done anything with encryption, so I'm not sure where to begin
    > > on something like this. The important thing is that the encrypted value
    > > is not sequential, it needs some form of CRC or something to verify its
    > > integrity (to prevent people from writing a program that runs through
    > > sequential values trying to crack the site).
    > >
    > > Everyone on our site is written in classic ASP, so I'm looking for a
    > > classic ASP solution. Our host provider (godaddy -- not my choice, so
    > > please don't complain at me) does not allow us to install any third-
    > > party components, so unfortunately, that is not an option.
    > >
    > > Can anyone point me in the right direction?

    >
    > A more secure approach is not to place any data at all in any form on the
    > URL.
    >
    > Instead place all the data you want to associate with the URL in a database
    > table an use a GUID as key.
    >
    > The URL you place in the email need only reference the GUID. This is many
    > advantages over encrypting the data. The amount of data the URL can
    > represent can be large yet the URL will not be very big. Its simple and
    > doesn't require all that mucking about with encryption algorithms. Its more
    > secure since there is no way to decipher the URL and no way to spoof
    > alternative data.


    Hmm... thanks.

    --Dave
     
    Dave Navarro, Feb 21, 2008
    #3
  4. Dave Navarro

    Dave Navarro Guest

    Thanks!!

    In article <>, "Jon Paal [MSMD]" <Jon
    nospam Paal @ everywhere dot com> says...
    > http://www.4guysfromrolla.com/webtech/010100-1.shtml
    >
    > "Dave Navarro" <> wrote in message news:...
    > >
    > > My boss wants to send an email to customers with a URL that allows them
    > > to download updates for our products.
    > >
    > > http://download.company.com?prod={encrypted_data}
    > >
    > > The encrypted data would contain the product ID, customer ID and a date
    > > stamp. Our code could decrypt the info, compare against a database and
    > > proceed based on various criteria.
    > >
    > > I haven't done anything with encryption, so I'm not sure where to begin
    > > on something like this. The important thing is that the encrypted value
    > > is not sequential, it needs some form of CRC or something to verify its
    > > integrity (to prevent people from writing a program that runs through
    > > sequential values trying to crack the site).
    > >
    > > Everyone on our site is written in classic ASP, so I'm looking for a
    > > classic ASP solution. Our host provider (godaddy -- not my choice, so
    > > please don't complain at me) does not allow us to install any third-
    > > party components, so unfortunately, that is not an option.
    > >
    > > Can anyone point me in the right direction?
     
    Dave Navarro, Feb 21, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Leszek
    Replies:
    1
    Views:
    362
  2. Jon paugh
    Replies:
    1
    Views:
    944
  3. Timo
    Replies:
    3
    Views:
    481
    Tampa .NET Koder
    Feb 16, 2005
  4. Just D.
    Replies:
    0
    Views:
    550
    Just D.
    Aug 11, 2004
  5. Julia
    Replies:
    2
    Views:
    139
    Steven Burn
    Sep 22, 2004
Loading...

Share This Page