• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336
  • Last Modified:

Security in Query String Variables

Environment: C#.NET 4.0, Webforms

I need to place a primary key variable in a query string and would like to do it securely (e.g. prevent semantic URL attacks, etc.)  I am fairly new to ASP.NET and was wondering what these best technique, or techniques, are to accomplish this.

Any thoughts on the most secure techniques and those techniques that are part of "best practices" would be appreciated.
0
adskarcox
Asked:
adskarcox
3 Solutions
 
adskarcoxAuthor Commented:
Here is an example of what I need to do:

http://www.myapp.com/ViewProduct.aspx?id=1234

I need to do this securely.
0
 
adskarcoxAuthor Commented:
I was considering using a guid in the query string, instead of the row's primary key, but I have read that placing a guid in the query string is bad form.
0
 
binaryevoCommented:
Yes, deffiantely a security risk either GUID or the ID.  I would Encrypt it with an AES encryption library or write your own.  .Net has many different ways to utilize encryption technology.
0
 
Manoj PatilSr. Software EngineerCommented:
Hi you can Encrypt the QueryString like following

http://www.codeproject.com/Articles/25719/Query-string-encryption-for-ASP-NET
0
 
cubaman_24Commented:
Hello:
I would check users rights in server side code instead of spend time hiding the real id.  It would be more secure and less time consuming.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now