Encrypting the Information Passed through the QueryStringBy Derrick
Many people on the ASP messageboard have asked how to
"hide" the information passed through the Querystring from one ASP page to another. Often, these people are
informed to use a Form with it's
METHOD tag set to
POST. This is all fine and good,
but what if someone wants to provide a hyperlink a user can click, or wishes to use
to send the user from one page to another? If the developer still needs to pass information using one
of these two techniques, the web surfer will see the variables and variable values in the Querystring!
Well, that problem has been solved with the use of the Vernam Encryption technique outlined in an earlier
article by Julian Sitkewich: Encryption with ASP.
If you are unfamiliar with using Vernam Encryption, I highly recommend that you read Julian's
article. It demonstrates how to setup the needed encryption key
(referred to as
KeyGen.asp in the source code provided), and how to use Vernam Encryption.
Using this encryption, you can transform a standard QueryString like:
to utter goobledegook, something that the web surfer will have no idea what variables and values are being passed along through the QueryString:
Could you work out what as going on with the line above? If you can - I'll pack my bags and go home!
Note that the user can still see
/SomePage.asp. With a little effort, you can change this into
a file like
Redirect.asp, and actually encrypt both the path and filename of the URL you want to
send the user to!
You can view the script in action here on 4Guys. This will give you a chance to see the true power of encrypting the Querystring. Now you can pass sensitive data through the QueryString, such as password values, which you could not have done before!
I hope this proves useful for those out there. If any 3rd party companies decide to apply a commercial use of the FreeURL script, please place a reciprocal link to FreeURL.com! Thanks!
About the Author: