Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1975
  • Last Modified:

Encrypting Sharepoint URL parameters

I need a solution for encrypting  the url parameters of a sharepoint URL e.g. " Text Here&Description=Description Text Here". I need any parameter after the ? to be encrypted.
(Just for reference, i'm using SPFF (Sharepoint Form Field Asistant: to pass the parameters to the NewForm Fields.

I found this when googling for a solution but don't know how to implement it or even if it can be implemented into sharepoint:
It's almost exactly what i'm after.

Is there anyone who knows how to do this?
I have access to Sharepoint Designer.

Any help will be much appreciated.

  • 4
  • 2
3 Solutions
you have good approach to do this, but fundamentally SPFF is created on JQuery which is is on client side, and the other part your encryption-decryption code should be on server side which is on server side.

when form is loaded in browser SPFF updates the fields by filling values by taking it from query string, and didn't do anything on server side. so if you pass encrypted string you need to have some way (update SPFF) to decrypt it from client, which in turn becomes request to server(with updated spff) to decrypt it.

but I think this is not good approach .. as anyone can call same function by checking it from your JS..

so I think if you wanna go with encrypted query string you need to write your own new/edit form for your libraries.

hope I have clear my point.

Vikas Patel.

ydsonlineAuthor Commented:
Thanks for your explanation vikas. I actually don't mind if the encryption only occurs on the client side. The site is mainly for internal use and only needs to fool the normal user to not be able to edit the parameters. We are talking about standard users in an office environment so i'm not too worried if it doesn't get encrypted on the server side. But good point and clarification, thanks.
Are you still able to help with getting the encryption to work on the client side?

here are some examples of js encryption/decryption. merge it with SPFF while getting values from querystring and you are ready to roll.. ;)
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

ydsonlineAuthor Commented:
Thanks Vikas, but i'm not sure how to implement encrypting the url from those pages that you mentioned. I can see that you can use it to encrypt a url but can't figure out how to implement it into my current page so it automatically encrypts the url.

I have found an alternative method in the mean time which seems to work well for my purposes. It's not encryption unfortunately, but uses a frameset instead to hide the original page url. Then I used a script to disable the right click on the page so you can't use the properties of the page to see the url and then use another script to delete the history of the page url so it won't show up in the browser history.

I still would rather use encryption since the alternative method is more work for me.

If you can explain or give me an example of how to merge those encryption techniques with SPFF, that would be much appreciated.

Below I've include an example of what I did as an alternative just for the sake of this question:

New page with original url in framset:
<TITLE>This is test </TITLE>
<FRAMESET cols="*">
<FRAMESET rows="*">
<FRAME src="">
Script to Disable history:
<script language="javascript" >
javascript: window.history.forward(1);
Script to disable right click on page:
<SCRIPT TYPE="text/javascript">
//Disable right click script
var message="Sorry, right-click has been disabled";
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
document.oncontextmenu=new Function("return false")
// -->
Can you be a bit more precise about your goals? Encryption is a means, not an end. Saying that you want to encrypt the parameters is assuming a goal - but we need to understand the goal ourselves in order to be of the most help. What is it exactly that you want to allow/disallow?

From what you have written I think the answer is that you wish to make tampering impossible. If that is your only purpose (and not, for example, to also make the parameters incomprehensible) then you could roll together a solution that required no encryption. Such a solution would either store the parameters server-side or verify them whenever they were re-presented to the server. Really it is the same solution but with different implementations.  The former would even make them incomprehensible to the user, if that was a nice plus for you.

So to be clear, I am suggesting that when your app is going to put a link into a webpage (like you instead throw the string "secret_var=1&vulnerable_var=2" into a database alongside a large, high-entropy, temporary key. Then you use this link in the app: When that request comes in, you use the re-presented key to recover the actual parameters from the database and read them into your app yourself. I suspect that whatever development language you are using will already have something like this available as a library or code snippet. Most web apps already do dozens of database queries per page - one more pull on a primary key isn't going to slow things down.
ydsonlineAuthor Commented:
Thanks for you suggestions furball, i'll reply shortly...
ydsonlineAuthor Commented:
Thanks guys, some of your thoughts have led me to a solution that does not require encryption and seems to work well for my purposes. My Goal was as furball put it, to make tampering impossible. I have however found those encryption links handy as well and used them as part of my solution in a different way. so thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now