Solved

Security in Query String Variables

Posted on 2012-04-02
5
323 Views
Last Modified: 2012-04-06
Environment: C#.NET 4.0, Webforms

I need to place a primary key variable in a query string and would like to do it securely (e.g. prevent semantic URL attacks, etc.). I am fairly new to ASP.NET and was wondering what the best technique, or techniques, are to accomplish this.

Any thoughts on the most secure techniques and those techniques that are part of "best practices" would be appreciated.
0
Question by:adskarcox
5 Comments
 

Author Comment

by:adskarcox
ID: 37796726
Here is an example of what I need to do:

http://www.myapp.com/ViewProduct.aspx?id=1234

I need to do this securely.
0
 

Author Comment

by:adskarcox
ID: 37796736
I was considering using a guid in the query string, instead of the row's primary key, but I have read that placing a guid in the query string is bad form.
0
 
LVL 14

Assisted Solution

by:binaryevo
binaryevo earned 167 total points
ID: 37797103
Yes, definitely a security risk, either GUID or the ID. I would encrypt it with an AES encryption library or write your own. .NET has many different ways to utilize encryption technology.
0
 
LVL 19

Assisted Solution

by:Manoj Patil
Manoj Patil earned 166 total points
ID: 37797846
Hi, you can encrypt the QueryString like the following:

http://www.codeproject.com/Articles/25719/Query-string-encryption-for-ASP-NET
0
 
LVL 8

Accepted Solution

by:cubaman_24
cubaman_24 earned 167 total points
ID: 37799833
Hello:
I would check the user's rights in server-side code instead of spending time hiding the real id. It would be more secure and less time consuming.
0
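
The server-side check described in the accepted answer, sketched as an added example that is not part of the original thread. It assumes a `Products` table with an `OwnerUserName` column, a connection string named `AppDb`, and a `ProductName` Label declared in ViewProduct.aspx; all of these names are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind for ViewProduct.aspx (C# 4.0, Web Forms).
public partial class ViewProduct : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // 1. The query string is untrusted input: accept only a positive integer.
        int id;
        if (!int.TryParse(Request.QueryString["id"], out id) || id <= 0)
            throw new HttpException(400, "Bad request");

        // 2. The caller must be authenticated before any row is looked up.
        if (!User.Identity.IsAuthenticated)
            throw new HttpException(401, "Authentication required");

        // 3. Authorization is part of the query: the row comes back only if it
        //    belongs to the current user. Table and column names are assumed.
        const string sql =
            "SELECT Name FROM Products WHERE ProductId = @id AND OwnerUserName = @user";
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;

        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Parameterized values: the id never becomes part of the SQL text.
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = User.Identity.Name;
            conn.Open();
            object name = cmd.ExecuteScalar();

            // 4. Same 404 for "no such row" and "not your row", so changing the
            //    id in the URL reveals nothing about which ids exist.
            if (name == null || name == DBNull.Value)
                throw new HttpException(404, "Not found");

            // ProductName is a Label assumed to be declared in the .aspx markup.
            ProductName.Text = Server.HtmlEncode((string)name);
        }
    }
}
```

With this check in place, a visitor who edits `?id=1234` to another value gets the same 404 whether the row is missing or owned by someone else, so the plain integer id in the URL carries no access on its own.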
