Re: Encrypt QueryString

From: Paul Ingles (paul@oobaloo-dot-co-dot-uk)
Date: 06/25/02

• Next message: Ely Lucas: "ASPNET User Problem in Shared Hosting Environment"
• Previous message: Arild Bakken: "Re: performance monitor and security"
• In reply to: David Adams: "Encrypt QueryString"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Paul Ingles" <paul@oobaloo-dot-co-dot-uk>
Date: Tue, 25 Jun 2002 21:29:26 +0100

Another alternative (what we did at work):

Pass two querystring parameters, one is the ID number, the other a hash of
the ID number + secret key.

You generate the hash by appending something to the ID number (this should
be hidden and probably changed once in a while). Foe example, if the ID
number is 1212, the string to hash is 1212secretkey (choose something better
obviously :)

When the user clicks on a link, it then hashes the ID number passed in the
querystring, and checks it against what you would expect the hash to be
(i.e. generate it the same way as before). Then compare the two hashes, if
they match, you're ok, otherwise there's been some problem.

In the end, I coded a few functions which generated links to the pages
(which were article pop-ups). This function would automatically generate the
correct link based upon the ID number passed (including generating the
hash). Another function would then check that the hash passed was valid, if
so then you draw the page.

In the end we did it this way since we were using classic ASP without any
encryption components installed, and found code to a free MD5
implementation. Its still only in a page (and thus *extremely* inefficient)
but we needed something quick so it suited us fine.

"David Adams" <mel1daa@hotmail.com> wrote in message
news:#ayJVdaGCHA.2584@tkmsftngp08...
> Hi all,
>
> Is there a way to easily encrypt a QueryString with .NET? I have a
datagrid
> with 30 rows of data that have a hyperlink to user information
> (userinfo.aspx?ID=1234). I would simply like to have an encryption method
> that I can use to quickly encrypt and decrypt this value with little
> overhead.
>
> Any suggestions would be appreciated!
>
> Dave
>
>

---

• Next message: Ely Lucas: "ASPNET User Problem in Shared Hosting Environment"
• Previous message: Arild Bakken: "Re: performance monitor and security"
• In reply to: David Adams: "Encrypt QueryString"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: what is a hash ? ... A hash is NOT a one way encryption, ... hashes are primarily used in lookup tables. ... Almost all error correcting ... (sci.crypt) Re: incremental MD5 ? ... and i'm trying MD5 encryption, the original data is quite big and MD5 ... Hash the book to get the book hash ... Hash all the shelf hashes in a column to get the column hash ... (sci.crypt) Re: password length ... ]>]The short answer is "Different encryption ... ]>based hash, 128 bits in the case of the MD5 based hash. ... ]>Ie, the password algorithms are not encryptions, they are hashes. ... (alt.os.linux.suse) Re: symmetric and keys ... Thats why passwords don't use symmetrical encryption. ... Hashes take data, and convert it into a fixed size hash value. ... (microsoft.public.dotnet.security) Interchangeability of Hashing and Encrypting ... We know that hashes can be used for encryption purposes ... compute the hash of the first block ... public key, and the hash operation consists of encrypting ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2002-06