When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips

Sections:
Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
XML Info
Information:
Feedback
Author an Article
ASP ASP.NET ASP FAQs Message Board Feedback
Print this page.
Published: Thursday, January 20, 2000

Encrypting the Information Passed through the QueryString

By Derrick


Many people on the ASP messageboard have asked how to "hide" the information passed through the Querystring from one ASP page to another. Often, these people are informed to use a Form with it's METHOD tag set to POST. This is all fine and good, but what if someone wants to provide a hyperlink a user can click, or wishes to use Response.Redirect to send the user from one page to another? If the developer still needs to pass information using one of these two techniques, the web surfer will see the variables and variable values in the Querystring!

- continued -

'

Well, that problem has been solved with the use of the Vernam Encryption technique outlined in an earlier article by Julian Sitkewich: Encryption with ASP. If you are unfamiliar with using Vernam Encryption, I highly recommend that you read Julian's article. It demonstrates how to setup the needed encryption key (referred to as KeyGen.asp in the source code provided), and how to use Vernam Encryption.

Using this encryption, you can transform a standard QueryString like:

/SomePage.asp?SL=ActiveServerPages&N1=4GuysFromRolla.com&N2=FreeURL.com

to utter goobledegook, something that the web surfer will have no idea what variables and values are being passed along through the QueryString:

/SomePage.asp?crypt=w%96%9Ei%7D%9D%AE%91%B7%ACf%86%C4%AC%CA%90%96c%A1%9D%8F%89%B2z%92U%87Z%95%CF%A6%A5i%BE%96%9C%91%B9%AA%A5%97d%BE%BF%95gwb%8C%93%B7%8A%88%A7%A2%94h%B8%A9%AA

Could you work out what as going on with the line above? If you can - I'll pack my bags and go home!

Note that the user can still see /SomePage.asp. With a little effort, you can change this into a file like Redirect.asp, and actually encrypt both the path and filename of the URL you want to send the user to!

You can view the script in action here on 4Guys. This will give you a chance to see the true power of encrypting the Querystring. Now you can pass sensitive data through the QueryString, such as password values, which you could not have done before!

I hope this proves useful for those out there. If any 3rd party companies decide to apply a commercial use of the FreeURL script, please place a reciprocal link to FreeURL.com! Thanks!

Happy Programming!


Attachments:

  • View the encrypted querystring source in action!
  • Download the source code in text format


    About the Author:
    I've been a games software developer for 11 years for companies such as Sony, Psygnosis, Virgin, Microprose, Broderbund and have given it all up for the internet. I've a number of personal projects which are approaching commercial status and I'm very excited about the net. Trained as a 3D artist / Designer, I'm not bewildered by coding having dealt daily with some of the best UK programmers, whose skills have rubbed off on me. I've spent the last year learning HTML/Javascript and the absolutely gorgeous ASP. I'm certainly not a geek!, I love fast cars, women, booze, romance in no particular order!



  • ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article