SystemAdmin

Pinned topic encrypt and decrypt query string

‏2007-06-06T09:34:57Z |
This code has been used to encrypt and decrypt the query string. No matter what the length of the URL is, this code will encrypt the key and the value of the query string into 25 digits.
using System;
using System.Collections.Generic;
using System.Text;
using System.Collections.Specialized;
using System.Collections;
using System.Web;

namespace BusinessLayer
{
    public class QueryString : NameValueCollection
    {
        private string document;
        public string Document
        {
            get
            {
                return document;
            }
        }
        public QueryString()
        {
        }
        public QueryString(NameValueCollection clone): base(clone)
        {
        }
        //#################################################################################################
        //This class is used to get the URL from the address bar of the page
        // http://www.hanusoftware.com
        //#################################################################################################
        //this method is used to get the current URL of the page
        public static QueryString FromCurrent()
        {
            //returns the current url from the address bar
            return FromUrl(HttpContext.Current.Request.Url.AbsoluteUri);
        }
        /// <summary>
        /// This method splits the address URL into the page and its key/value pairs
        /// </summary>
        /// <param name="url"></param>
        /// <returns></returns>
        public static QueryString FromUrl(string url)
        {
            //breaks the address URL into an array at the ? mark
            //this separates the page from the query string
            string[] parts = url.Split("?".ToCharArray());
            //instantiate the class object
            QueryString qs = new QueryString();
            //assign the page address to the variable
            qs.document = parts[0];
            //if there is no query string, return just the page
            if (parts.Length == 1)
                return qs;
            //breaks the query string into chunks at the & mark
            string[] keys = parts[1].Split("&".ToCharArray());
            foreach (string key in keys)
            {
                //again breaks into chunks at the = mark
                string[] part = key.Split("=".ToCharArray());
                if (part.Length == 1)
                    //a key without a value gets an empty string
                    qs.Add(part[0], "");
                else
                    //adds the query string key and value pair to the collection
                    qs.Add(part[0], part[1]);
            }
            return qs;
        }
        /// <summary>
        /// This method removes every key except the one passed in
        /// </summary>
        /// <param name="except"></param>
        public void ClearAllExcept(string except)
        {
            //calls the array overload with a single key
            ClearAllExcept(new string[] { except });
        }
        /// <summary>
        /// This method removes every key that is not listed in the passed array
        /// </summary>
        /// <param name="except"></param>
        public void ClearAllExcept(string[] except)
        {
            //collect the keys to remove first, so the collection is not modified while enumerating it
            ArrayList toRemove = new ArrayList();
            foreach (string s in this.AllKeys)
            {
                bool keep = false;
                foreach (string e in except)
                {
                    //case-insensitive match against the keys to keep
                    if (String.Equals(s, e, StringComparison.OrdinalIgnoreCase))
                        keep = true;
                }
                if (!keep)
                    toRemove.Add(s);
            }
            foreach (string s in toRemove)
                this.Remove(s);
        }
        /// <summary>
        /// This method adds the key/value pair to the query string of the URL
        /// </summary>
        /// <param name="name"></param>
        /// <param name="value"></param>
        public override void Add(string name, string value)
        {
            //if the key already has a value, overwrite it
            if (this[name] != null)
                this[name] = value;
            else
                base.Add(name, value);
        }

        public override string ToString()
        {
            return ToString(false);
        }
        /// <summary>
        /// This method joins all the key/value pairs back into a query string
        /// </summary>
        /// <param name="includeUrl"></param>
        /// <returns></returns>
        public string ToString(bool includeUrl)
        {
            string[] parts = new string[this.Count];
            string[] keys = this.AllKeys;
            //builds one key=value chunk per key, URL-encoding the value
            for (int i = 0; i < keys.Length; i++)
                parts[i] = keys[i] + "=" + HttpContext.Current.Server.UrlEncode(this[keys[i]]);

            string url = String.Join("&", parts);

            //prefix the ? only when there is something to prefix
            if (!String.IsNullOrEmpty(url) && !url.StartsWith("?"))
                url = "?" + url;

            if (includeUrl)
                url = this.document + url;

            return url;
        }
    }
}

http://www.hanusoftware.com
Updated on 2008-09-03T07:22:13Z at 2008-09-03T07:22:13Z by SystemAdmin
  • SystemAdmin

    Re: encrypt and decrypt query string

    ‏2008-09-03T07:22:13Z  in response to SystemAdmin
    1. Do "users" log in to your website? If so then you know who they are and you can utilize session variables. Place something like the customer number in the session and validate the customer number in the http request against that number in the session. If they are not the same, display some warning message instead of data. If there is no customer number in the session, redirect them to a login screen.

    2. If customers do not log in, then require some additional information like customer number and order number, or order number and email address, or order number and order date. Some combination of two or more values that uniquely identify one piece of data and (hopefully) only they would know (for certain). Then validate them both before displaying data. In these types of scenarios I also do two additional things:

    a. check the HTTP header to ensure that the request is from one of my pages. This way hackers can't use automated scripts to try a brute force location of information.

    b. place generated hidden value(s) in the form that I can use to validate the data. This might be something like one value that is a random number, then a second that is a hashed up version of the first (using some custom algorithm). Then I will unhash the second (using the same custom algorithm) and verify it against the first (I tend to use things like the current time in milliseconds for my first number as it will only appear once in history). I hope that makes sense. Again this is an attempt to ensure that the request is being made from my site and not through a script of some sort.

    There are many more ways than this, but this should get you started thinking of some ideas to protect your data.

    http://www.infysolutions.com

    software development company
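
As an added example that is not part of either post: the hidden-value check described in point 2b of the reply, with HMAC-SHA256 and a server-side key standing in for the custom hash, and the customer number bound into the token. The `RequestToken` class, its token layout and the demo key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; RequestToken and its token layout are hypothetical, not from the thread.
public static class RequestToken
{
    // key: server-side secret (assumed to be loaded from protected configuration).
    public static string Issue(byte[] key, string customerId, DateTime utcNow)
    {
        string payload = customerId + "|" + utcNow.Ticks;
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)) + "." + Sign(key, payload);
    }
    // Returns the customer id bound into the token, or null if forged, malformed or expired.
    public static string Validate(byte[] key, string token, DateTime utcNow, TimeSpan maxAge)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        string payload;
        try { payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0])); }
        catch (FormatException) { return null; }
        // Verify the MAC before trusting anything inside the payload.
        if (!FixedTimeEquals(Sign(key, payload), parts[1])) return null;
        int sep = payload.LastIndexOf('|');
        long ticks = long.Parse(payload.Substring(sep + 1));
        TimeSpan age = utcNow - new DateTime(ticks, DateTimeKind.Utc);
        if (age < TimeSpan.Zero || age > maxAge) return null;
        return payload.Substring(0, sep);
    }
    private static string Sign(byte[] key, string payload)
    {
        using (HMACSHA256 mac = new HMACSHA256(key))
            return Convert.ToBase64String(mac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    // Compares every character so timing does not reveal where the strings differ.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");
        byte[] wrongKey = Encoding.UTF8.GetBytes("constructed-wrong-key");
        DateTime now = DateTime.UtcNow;
        TimeSpan maxAge = TimeSpan.FromMinutes(20);
        string token = Issue(key, "C1001", now);                            // constructed customer id
        Console.WriteLine(Validate(key, token, now.AddMinutes(5), maxAge)); // fresh token, right key
        Console.WriteLine(Validate(wrongKey, token, now, maxAge) == null);  // MAC mismatch is rejected
        Console.WriteLine(Validate(key, token, now.AddHours(2), maxAge) == null); // expired is rejected
    }
}
```

The token is Base64, so URL-encode it before placing it in a query string. The customer id that `Validate` returns should still be compared with the customer number held in the session, as in point 1 of the reply.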