Re: Encrypt String or different approach

From: Paul Ingles (paul.ingles_at_newsgroup.nospam)
Date: 11/09/04


Date: Tue, 9 Nov 2004 12:42:22 -0000


> Don't use a GET (using a querystring), but rather a POST to the target
> page.
> The user then won't see any info in the address bar

But it'd still be open by viewing the contents of the HTTP request.

To answer the original questions:

1) You could always use a URL Rewriter or something that would inspect the
request, and transfer the location to the actual URL.

2) Encrypting the string is a fairly sound approach in my opinion, but you
need to ensure the key is kept securely. Have a look at the DPAPI articles
on MSDN, they've got some good suggestions for that kind of thing.

"Jeff Dillon" <jeff@removeemergencyreporting.com> wrote in message
news:OqCU0vbxEHA.3224@TK2MSFTNGP14.phx.gbl...
> Don't use a GET (using a querystring), but rather a POST to the target
> page.
> The user then won't see any info in the address bar
>
> jeff
>
> "Gary Townsend (Spatial Mapping Ltd.)" <garyt@spatialmapping.com> wrote in
> message news:crNjd.127215$df2.85635@edtnps89...
>> Good afternoon,
>>
>> I am building an application that uses ASP .NET, and Blackmoon FTP
>> Server, My plan currently is to automate some user processes one of
>> those processes is to allow them to download files in their FTP Root
>> directories via HTTP for our clients who are behind firewalls which
>> prevent them from using the FTP protocol.
>>
>> So to this end i have created a page which lists all thier files out,
>> then provides a link that would spawn a new window which would initiate
>> the transfer. Couple problems exist for me being that i have only been
>> using ASP .NET for 2 weeks now my question is this.
>>
>> 1) Is there possibly a better way to initiate the file transfer without
>> spawning a new window
>>
>> 2) if spawning a new window is the route i go is there a way to encrypt
>> the string i send to the new page so that people can hack the file
>> transfer page to download any files they want.
>>
>> Any suggestions on improving my approach to this problem are also
>> welcome.
>>
>>
>> Gary Townsend
>> Systems and Web Developer
>> Spatial Mapping Ltd.
>> http://www.spatialmapping.com
>> 250 564 1928
>
>



Relevant Pages

  • Re: Encrypt String or different approach
    ... > Don't use a GET (using a querystring), but rather a POST to the target ... >> those processes is to allow them to download files in their FTP Root ... >> then provides a link that would spawn a new window which would initiate ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: .old files being created by root
    ... The external program running on another server but connected to the overall system network apparently picks them up with an ftp program. ... the other end must be running a script (not a human logging in ... She should be in the target directory or some directory ... you never said if this is an SCO UNIX OS or Linux or some other UNIX. ...
    (comp.unix.sco.misc)
  • Re: CWinThread and Memory Leaks.
    ... When the target is a window created by ... enter the receptive state on a regular, timely basis, because outside this ... and this allows interthread SendMessage to work. ...
    (microsoft.public.vc.mfc)
  • Re: FTP Server
    ... The firewall is not installed on the CE target. ... When i try to connect from the Windows Explorer FTP connection, ... If you just want the FTP server, you don't need the "File Server" ...
    (microsoft.public.windowsce.embedded)
  • Re: boot problem
    ... in the center window), ... Assuming you have been able to run Target Analyzer, ... particularly 'Step 3 Create a New Configuration': ... > the installed the compact flash into the target system (it has a bootable ...
    (microsoft.public.windowsxp.embedded)