charles
Posts: 59
|
| Posted: 05/04/2010, 11:33 AM |
|
Hi all,
I wonder if any one has implemeted any project where you need to encrypt URL parameters on the querystring.
I need to encrypt url parameter for a page am working on, i saw a function that generates the encryption keys but my issue is how to adapt it to the codecharge IDE. I dont mind if i have to hard code it somehow; i just need some guidance.
I have over 200 pages in this project and more than half of this sends sensitive parameter through the querystring.
Any help will be greatly appreciated.
thanks
|
 |
 |
datadoit
|
| Posted: 05/04/2010, 12:00 PM |
|
Charles are you talking about the "visual" presentation of the URL
parameters? Such as http://www.yoursite.com?ssn=123456789
or are you talking about what's "posted" to the URL? Such as a search
form and subsequent results grid.
If you don't care about the visual, then simply SSL encrypt the site.
All posted information (don't use GET) will be encrypted anyways.
Other resources:
http://www.isapirewrite.com/
|
|
|
|
charles
Posts: 59
|
| Posted: 05/04/2010, 12:27 PM |
|
Hi datadoit,
Thanks for your quick response. actually it is a client that raised this issue and it is about the visual presentation of the URL.The concern is that the anyone can manipulate the value in the URL to access records in the system
By the way, with SSL will the URL be encrypted.If so, how do i convert all the pages sending parameters from a link to SSL.
Absolutely, the 'visual' is the big issue here.
|
|
|
|
datadoit
|
| Posted: 05/04/2010, 2:06 PM |
|
In CodeCharge, there are page settings for 'Convert URL to', and 'SSL
Only'. Those will make sure all displays and postings happen with
encryption only (or HTTPS).
The transmission of the URL is encrypted when using SSL. The visual of
the URL itself on the client machine after processing the URL
transmission is not encrypted. Use something like ISAPI_rewrite to
handle that.
Sorry I don't have a sample - we're Apache mod_rewrite.
|
|
|
|
|
