How to encrypt SSN in querystring?

Discussion in 'ASP .Net' started by Jeff, Jun 9, 2010.

  1. Jeff

    Jeff Guest

    Hi

    asp.net 4.0
    visual studio 2010

    I'm developing a website which will have ssn included in the querystring.
    Are looking for ways to encrypt it.
    Have thought about using System.Security.Cryptography namespace. But haven't
    decided on which class to use. Considering X509Certificate. Also I think the
    url have to SSL.

    Thinking of encrypt the entire querystring, parameter name and parameer
    value gets encrypted.

    any recommendations?
    Jeff, Jun 9, 2010
    #1
    1. Advertising

  2. Jeff

    Mr. Arnold Guest

    Jeff wrote:
    > Hi
    >
    > asp.net 4.0
    > visual studio 2010
    >
    > I'm developing a website which will have ssn included in the querystring.
    > Are looking for ways to encrypt it.
    > Have thought about using System.Security.Cryptography namespace. But haven't
    > decided on which class to use. Considering X509Certificate. Also I think the
    > url have to SSL.
    >
    > Thinking of encrypt the entire querystring, parameter name and parameer
    > value gets encrypted.
    >
    > any recommendations?
    >
    >


    You need to come up with something else. There would be no way I would
    come to your site with you using a SSN in the URL encrypted or not or
    SSL, not in today's environment and identity theift.
    Mr. Arnold, Jun 9, 2010
    #2
    1. Advertising

  3. hi Jeff,

    On 09.06.2010 19:07, Jeff wrote:
    > I'm developing a website which will have ssn included in the querystring.
    > Are looking for ways to encrypt it.
    > Have thought about using System.Security.Cryptography namespace. But haven't
    > decided on which class to use. Considering X509Certificate. Also I think the
    > url have to SSL.
    >
    > Thinking of encrypt the entire querystring, parameter name and parameer
    > value gets encrypted.
    >
    > any recommendations?

    Use SSL, any other "encryption" can be broken. Use AJAX, if you want to
    hide the information from the user.


    mfG
    --> stefan <--
    Stefan Hoffmann, Jun 9, 2010
    #3
  4. Jeff

    Rajeev Gopal Guest

    On Jun 9, 1:45 pm, Stefan Hoffmann <> wrote:
    > hi Jeff,
    >
    > On 09.06.2010 19:07, Jeff wrote:> I'm developing a website which will have ssn included in the querystring.
    > > Are looking for ways to encrypt it.
    > > Have thought about using System.Security.Cryptography namespace. But haven't
    > > decided on which class to use. Considering X509Certificate. Also I think the
    > > url have to SSL.

    >
    > > Thinking of encrypt the entire querystring, parameter name and parameer
    > > value gets encrypted.

    >
    > > any recommendations?

    >
    > Use SSL, any other "encryption" can be broken. Use AJAX, if you want to
    > hide the information from the user.
    >
    > mfG
    > --> stefan <--


    Hi Jeff,

    Better not to send SSN via querystring. For that matter, it is adviced
    not to plug in any sensitive data in querystring. There could be
    alternatives for sure.

    Thanks,
    Rajeev
    Rajeev Gopal, Jun 10, 2010
    #4
  5. Jeff

    Cubaman Guest

    On Jun 9, 7:07 pm, "Jeff" <> wrote:
    > Hi
    >
    > asp.net 4.0
    > visual studio 2010
    >
    > I'm developing a website which will have ssn included in the querystring.
    > Are looking for ways to encrypt it.
    > Have thought about using System.Security.Cryptography namespace. But haven't
    > decided on which class to use. Considering X509Certificate. Also I think the
    > url have to SSL.
    >
    > Thinking of encrypt the entire querystring, parameter name and parameer
    > value gets encrypted.
    >
    > any recommendations?


    Hello:
    Don't use query string. The spec for URL length does not dictate a
    minimum or maximum URL length, but implementation varies by browser.
    On Windows: Opera supports ~4050 characters, IE 4.0+ supports exactly
    2083 characters, Netscape 3 -> 4.78 support up to 8192 characters
    before causing errors on shut-down, and Netscape 6 supports ~2000
    before causing errors on start-up. Encrypted SSN would be bigger than
    this max length. Try to use post instead. And use ssl, it would
    encrypt the whole page.
    Cubaman, Jun 11, 2010
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dmitri Shvetsov

    SSN

    Dmitri Shvetsov, Apr 7, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    620
    Dmitri Shvetsov
    Apr 7, 2004
  2. Carson

    remove dash in ssn with sprintf

    Carson, Aug 9, 2006, in forum: C Programming
    Replies:
    19
    Views:
    618
    Al Balmer
    Aug 10, 2006
  3. DavidC

    Display SSN

    DavidC, Aug 2, 2010, in forum: ASP .Net
    Replies:
    0
    Views:
    450
    DavidC
    Aug 2, 2010
  4. Kamaluokeakua

    Global Address/Phone/SSN[Country ID]

    Kamaluokeakua, Oct 1, 2004, in forum: ASP .Net Building Controls
    Replies:
    4
    Views:
    178
    Kamaluokeakua
    Oct 2, 2004
  5. http://ejobseek.com

    Encrypt in Perl, De-encrypt in Javascript

    http://ejobseek.com, Sep 1, 2003, in forum: Perl Misc
    Replies:
    3
    Views:
    281
    James Willmore
    Sep 1, 2003
Loading...

Share This Page