Solved

How to encrypt pass query string

Posted on 2004-10-20
Last Modified: 2013-12-24
I am trying to encrypt a URL query string passed from one page to another page using various scripts.

An example of which is found on http://www.4guysfromrolla.com/webtech/012000-1.shtml

It works very well. However, when I try to incorporate it within my website, which is using the FrontPage database region wizard, it doesn't work.

I.e. when the ASP page looks for the query string it seems it is unable to find it.

Any ideas how I can encrypt a string passed through from page to page without using sessions or forms?

thanks.
Question by:Ricky11
20 Comments
 
LVL 12

Expert Comment

by:rcmb
ID: 12356871
The issue comes about because you are hiding the query string from the browser. FrontPage will only accept query strings passed from a URL or Form, so unless you unhide the information or put it in a hidden form field you are out of luck using FrontPage.

RCMB
0
 

Author Comment

by:Ricky11
ID: 12356987
Thanks

The page that is receiving the query parameter looks like this now.

www.somesite.com/test.asp?crypt=*&^*&(&*Y*SY(D*HJS()*&S*(IS))))900000

Something like that, because my script is blocking the actual query from being seen.

But the page also decrypts the query string and puts it back into a variable, and then I want to use that variable inside a FrontPage database region wizard, but no luck.

I know that the decrypt is working because when I output <%=decrypt_variable%> it displays it fine.

If nobody comes up with a better solution I will give you the points, and try to figure something out with sessions, but the problem with sessions is that I will not be able to "send page to a friend", so if a user wanted to click on a link and get to that exact page they will not be able to do it using sessions, right?

thanks.
0
 
LVL 12

Accepted Solution

by:
rcmb earned 250 total points
ID: 12357038
If you convert your FrontPage wizard to straight VBScript then you can use your encrypted URL. The problem with FrontPage is that you must pass via a URL or Form. When the database results start to process the information it is looking at the URL, so it only finds the encrypted code.

If you use VBScript to build your database connection and display, you can assign the passed information to a variable and then have the SQL query use the variable to conduct your search. This is what I was alluding to in the out of luck with FrontPage comment.

Try using straight VBScript to display your results and make your query look like

SELECT * FROM Table WHERE field1 = '" & decrypt_variable & "'

Enjoy,
RCMB
0
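A parameterized form of the query above, as an added example that is not part of the original answer. `decrypt_variable` is the thread's variable and is assumed to be filled already by the page's decryption code; the connection string and the `Table`/`field1` names are placeholders. Because the value arrives in the URL, it is bound as a parameter instead of being concatenated into the SQL text.

```vbscript
<%
' Added example, not code from the thread.
' ADO constants (values from adovbs.inc), declared so the page stands alone.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const MAX_LEN = 255

' Placeholder connection string: replace with the site's own.
Const CONN_STRING = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\placeholder.mdb"

' Runs the thread's SELECT with the value bound as a parameter, so quotes
' or SQL syntax inside it are handled as data, never as part of the statement.
' [Table] and field1 are the placeholder names used in the answer.
Function FindByField1(conn, ByVal plainValue)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT * FROM [Table] WHERE field1 = ?"
    cmd.Parameters.Append cmd.CreateParameter("field1", adVarChar, adParamInput, MAX_LEN, plainValue)
    Set FindByField1 = cmd.Execute
End Function

Dim conn, rs, lookupValue
' decrypt_variable is assumed to be set already by the page's decryption code.
lookupValue = Trim(decrypt_variable & "")

' The value came in through the URL: bound its length before using it.
If Len(lookupValue) = 0 Or Len(lookupValue) > MAX_LEN Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid link."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING
Set rs = FindByField1(conn, lookupValue)

Do Until rs.EOF
    ' Encode on output so stored or supplied markup is not rendered.
    Response.Write Server.HTMLEncode(rs("field1") & "") & "<br>"
    rs.MoveNext
Loop

rs.Close
conn.Close
%>
```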
 
LVL 14

Expert Comment

by:hhammash
ID: 12360644
Hi,

You can pass values using Session variables which will not appear in the URL and no need to encrypt anything.

hhammash
0
 
LVL 12

Expert Comment

by:rcmb
ID: 12360718
hhammash

FYI --

the initial request was

"any ideas how I can encrypt a string passed through from page to page without using sessions or forms"
0
 
LVL 14

Assisted Solution

by:hhammash
hhammash earned 250 total points
ID: 12364055
Ricky11,

To understand it well.

When you encrypt on one page you have to decrypt on the destination page.

You have a link on one page, and that link posts with parameters to another page which is a DRW. You encrypted the parameters. Now the parameters are sent to the other page "the DRW" and get decrypted there. The problem comes when the parameters are decrypted on the page which has the DRW. This makes the DRW ignore the parameters.

The DRW on the other page likes to get the parameters directly.

You need a middle page that has the decrypt code then to build the parameter after decrypting the code.

1- Page1.asp with encrypted parameters sends to page2.asp
2- Page2.asp will have code like this:
<%
' Decrypt code goes here
' Put the result of the decrypted code into a variable
VarFieldName = TheResultOfTheQueryStringAfterDecoding
' Concatenate the variable; inside the quotes it would be sent as literal text
Response.Redirect "page3.asp?FieldName=" & Server.URLEncode(VarFieldName)
%>


What happens is:
The link gets clicked on page1,  the link sends the encrypted parameters to page2.asp. Page2.asp decrypts the parameters then puts it in a variable.  Then the page redirects to Page3.asp which is the DRW with the right parameters.  The parameters during redirection will not appear in the address bar.

I tried a sample locally,  it worked,  and the DRW displayed the results.

Regards
hhammash

0
 
LVL 14

Expert Comment

by:hhammash
ID: 12364132
I mean, in the middle page you receive the query string, decode it, assemble the variable, then redirect with the decoded parameters.
0
 
LVL 14

Expert Comment

by:hhammash
ID: 12364272
Here is a sample of the middle page

<%
' Put the decrypt code here

' MyQ holds the complete decrypted query string (name=value pairs)
MyQ = DecryptedQueryStringsResultHere
Response.Redirect "Page3.asp?" & MyQ
%>
<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 1</title>
</head>

<body>

<p>&nbsp;</p>

</body>

</html>
0
 

Author Comment

by:Ricky11
ID: 12367336
To : Hhammash,

Thank you for your comments.

However, if you redirect a page to another with parameters, like so
response.redirect "page3.asp?FieldName=VarFieldName"

After it redirects, the URL will be clearly visible showing page3.asp?fieldname=xxxx -- I have tried it after decoding in the middle page and then redirection, and the parameter gets displayed in the URL, so it defeats the whole purpose. If I can decode in the middle page and then transfer the variable without the URL that would be easier. I don't know.

I will wait for your reply, as you seem to say that in your example the URL did not have the parameters. I wonder how you did that, because if you redirect to a page it will display the fieldname=xxxx in the URL, unless you are posting the info within a form I guess.

0
 
LVL 14

Expert Comment

by:hhammash
ID: 12368093
Hi Ricky11,

You are right.  What I did was:
I have a table for pictures,  each picture has an ID
I have Page1.asp with encrypted links
I have Page2.asp with the decrypt code and a form with a hidden field that has the name of the "KeyField" and the value
<%=request.querystring()%>.  Page2.asp has a body onload action: <body onLoad="Form1.submit()">.  The form is actually posted to the DRW.

I have page3.asp with the DRW that receives the value from the hidden field and does not display the parameters.

What you should do is:

You said and you are right that on the DRW the parameters are showing.  Now,  on page2.asp that has the decrypt code,  store the query string in the hidden form field value.

When page2.asp is loaded it automatically submits the form with the value of the decrypted string to the DRW, that shows the results without showing the parameters on the address bar.

Sorry I used the form in page2.asp, unlike what you requested, but since it is a middle connection I saw no harm in using a form.

Regards
hhammash
0
 
LVL 14

Expert Comment

by:hhammash
ID: 12368142
Hi Ricky,

Your goal is:

1- When the user take the mouse of the hyperlink it should not show the readable parameters
(this is achieved by encrypting the hyperlink)
2- To use the results after decryption on the DRW without showing the parameters
(this is achieved by page2.asp)

The form in page2.asp does that without the need for any button to be pressed by the user,  moreover,  the user will not notice it.  He/she will see the results.

hhammash
0
 

Author Comment

by:Ricky11
ID: 12368162
Yes, I agree the middle page will redirect after decrypting the code and then putting it back in the variables, then redirect to page.asp?productid=xxx&color=blue etc.

But then the page.asp URL will show everything in the URL. I have tried it.

Anyway, perhaps I am missing something. I am going to try using a form in the middle page and having a script automatically post the info. I will try that, although I feel that I shouldn't need it, and it will just use loading time.

You have assisted me in this answer, I will distribute the points shortly.

tks
0
 

Author Comment

by:Ricky11
ID: 12368177
I didn't read your previous post. The form is exactly what I was thinking of. I will check it out.

But instead of using a middle page altogether, why can't I use a form in page1.asp and then post to page2.asp without using the middle page at all? That way there will be no need to decrypt, but then that defeats the whole purpose of this question, since I mentioned no forms or no sessions.

The reason for that is simple: I want the user to be able to click on the URL from anywhere and be taken to the same correct page, and only a URL with parameters could do this, unless I put a cookie, but that would not work if the person wanted to "send page to friend".

comments.
0
 
LVL 14

Expert Comment

by:hhammash
ID: 12368282
Yes of course it will defeat the purpose of the question.

But,  by using the form in the second page,  the purpose of the question will not be defeated.  

This way you can use the hyperlink with the parameters encrypted "as you requested" on Page1.asp,  and you will display the drw without showing the parameters on Page3.asp.

Keep using the encrypted parameters link on page 1 and get the results on page 3.  Page2 is just a processor.

hhammash
0
 
LVL 12

Expert Comment

by:rcmb
ID: 12368337
This entire process is very simple if you just eliminate the FrontPage Database Results Wizard on the destination page.

Page 1 has the encrypted link.

Page 2 has the decryption and database code.

Problem solved.

We do not have to use FrontPage to display database results. I mix frequently in my design because FrontPage is not flexible enough for all the things we desire to do.

Simply build your dbconnection with VB Script and display your results in that manner. You can then simply assign your decrypted values to a variable and you are done. No need for a controller or anything else. The system will work just as you desire.

RCMB
0
 

Author Comment

by:Ricky11
ID: 12368540
Thanks everybody.. I will assign the points..

hhammash, your suggestion of using the form in the middle does work. But I forgot to mention that I would like to be able to send the page to a friend, i.e. the URL should be accessible to that particular page. If I cut and copy the URL with any parameters (I was hoping the encrypted parameters would be there) then it would be possible for anybody to access that particular page. Using the form method, it is true that the parameters are not displayed and the page displays correctly, but once you cut and copy the URL the page will fail as it has no parameters pulled from the form.

Thanks again.
0
 
LVL 14

Expert Comment

by:hhammash
ID: 12368639
Hi Ricky11,

This is another matter, giving the link to a friend.  Did you solve this or not yet?

I agree with RCMB that Frontpage DRW does not give you flexibility like using strict ASP with Database Connection.  But I tried to fix your problem depending on you using DRW.

Regards
hhammash

0
 

Author Comment

by:Ricky11
ID: 12368674
I am going to try to convert the FrontPage database connection to ASP script, and then do without the form altogether. That way the encrypted value will show up in the URL and the ASP script should be able to decrypt it and post the value to the page without showing it, and then the "send page to a friend" will still work since the encrypted values are in the URL.

0
 
LVL 14

Expert Comment

by:hhammash
ID: 12369678
Good idea,
Good luck

In this case you use two pages instead of three
0
 
LVL 12

Expert Comment

by:rcmb
ID: 12369770
I love FrontPage and have been using it for years. But there are cases where the design of the program is limited. This is one of those cases and the process you are now trying is the right choice. It gets difficult sometimes to try to figure out ways around the limitations of FrontPage.

Have a great day and thanks for the points.

RCMB
0
