URL encryption algorithm

1. Senior Member
Join Date
Dec 1969
Posts
230

## URL encryption algorithm

Pls give me ideas on how I can do this? <BR><BR>Thanks.

2. Senior Member
Join Date
Dec 1969
Location
Los Angeles, CA
Posts
21,192

## Do what?

not let users understand what you are passing or jsut so it does not break due to the data?<BR><BR>

3. Senior Member
Join Date
Dec 1969
Posts
16,931

## RE: Do what?

Yeah, and why not just hold all the important cr*p server-side so that it can&#039;t be tampered with?!<BR><BR>Craig.

4. Senior Member
Join Date
Dec 1969
Posts
224

## RE: URL encryption algorithm

many ways of doing encryption, just depends what you want it for and how your gonna use it.<BR><BR>could be as simple as a couple of functions.<BR><BR>public function encode(str)<BR> dim x<BR> dim i<BR> dim tmp<BR> for i = 1 to len(str)<BR> x = mid(str,i,1)<BR> tmp = tmp & chr(asc(x) + 86)<BR> next<BR> tmp = strreverse(tmp)<BR> encode = tmp<BR>end function<BR><BR>public function decode(str)<BR> dim x<BR> dim i<BR> dim tmp<BR> str = strreverse(str)<BR> for i = 1 to len(str)<BR> x = mid(str,i,1)<BR> tmp = tmp & chr(asc(x) - 86)<BR> next<BR> decode = tmp<BR>end function<BR><BR>or as complex as an MD5 class.

5. Senior Member
Join Date
Dec 1969
Posts
230

## RE: URL encryption algorithm

I&#039;d like to encrypt the parameters passed in the query string.<BR><BR>In your code, is 86 something that I can replace with any number?

6. Senior Member
Join Date
Dec 1969
Location
Los Angeles, CA
Posts
21,192

## I guess you could

jsut add a number to the ascii value and to decvode, reduce that number or vice versa

7. Senior Member
Join Date
Dec 1969
Posts
224

## RE: URL encryption algorithm

aslong as it stays within the ascii range.

8. Senior Member
Join Date
Dec 1969
Posts
16,931

## Yeah, but WHY?

Why are you investigating this? What problem is this a solution to?<BR><BR>I don&#039;t want to rain on your parade, but sticking URL encryption on a web app is rarely a solution to any problem - most of the time (especially if you&#039;re asking questions on here rather than reading up on encryption methodology) you&#039;re either using a sledgehammer to crack a nut, or you&#039;re looking in the wrong place for security.<BR><BR>Craig.

9. Senior Member
Join Date
Dec 1969
Posts
230

## RE: Yeah, but WHY?

Ok, this web app was written that allows passing of parameters thru the quesry string. For example, an account number is passed and obviously this is a sensitive info. Then since it&#039;s in the quesrystring, modifying one character in the account number could allow the user to access somebody else&#039;s transactions. <BR><BR>So what we&#039;ve thought is to encrypt the querystring and don&#039;t allow the users to change any param value.

10. Senior Member
Join Date
Dec 1969
Posts
1,846

## I know everyone else has said this

already but you really shouldn&#039;t be relying on encryption of the querystring to secure ANYTHING. You should be making people login and giving permissions to that user only to their stuff or to groups of stuff (permission levels). Encryption of the string is NOT a good way to protect anything. I would think it a better use of time to secure the app than to encrypt the string.

#### Posting Permissions

• You may not post new threads
• You may not post replies
• You may not post attachments
• You may not edit your posts
•