Encrypt Or Hide QueryString at Asp.net website using .net 3.5
10,622
Why would you want to encrypt the query string? If you are trying to send sensitive information from the browser to the server, use SSL. If you try to encrypt it yourself, you are bound to fail in some subtle way. Don't re-invent the wheel.
Author by
Amr Elnashar
Senior Software Engineer @ Maarif for Education and Training.
Updated on June 04, 2022Comments
-
Amr Elnashar almost 2 years
I have an existing asp.net web site built with master pages and what I need to hide or encrypt all pass query strings values in a common place without changing a lot of code.
Can any one help me with this please .. or is there another idea instead of hiding or encrypting >>?
Thanks.
-
Amr Elnashar over 12 yearsEncryption is not the best solution I know that but is there another solution to hide the data sent between pages.
-
Chris Shain over 12 yearsWho are you trying to hide it from? The user of the browser? Or some other entity (e.g. a hacker, man in the middle, government entity, etc)?
-
Chris Shain over 12 yearsIf you just want to hide it from the user, why not just use POST requests, instead of GETs? Alternatively, you can use a URL rewriter: weblogs.asp.net/scottgu/archive/2007/02/26/…
-
Chris Shain over 12 yearsI'd also add that if your intent is to prevent the user from doing something malicious (e.g. changing the querystring from ?userid=myaccount to ?userid=youraccount), then you should use a Session variable as @vcsjones mentions. No amount of security based on obfuscation is going to prevent a malicious user from breaking it.
-
Amr Elnashar over 12 yearsChris please do u have an example for the session solution ..
-
Chris Shain over 12 yearsPlenty of examples in the link that @vcsjones provided.