«

Hi

asp.net 4.0
visual studio 2010

I'm developing a website which will have ssn included in the querystring.
Are looking for ways to encrypt it.
Have thought about using System.Security.Cryptography namespace. But haven't
decided on which class to use. Considering X509Certificate. Also I think the
url have to SSL.

Thinking of encrypt the entire querystring, parameter name and parameer
value gets encrypted.

any recommendations?

Jeff wrote:
> Hi
>
> asp.net 4.0
> visual studio 2010
>
> I'm developing a website which will have ssn included in the querystring.
> Are looking for ways to encrypt it.
> Have thought about using System.Security.Cryptography namespace. But haven't
> decided on which class to use. Considering X509Certificate. Also I think the
> url have to SSL.
>
> Thinking of encrypt the entire querystring, parameter name and parameer
> value gets encrypted.
>
> any recommendations?
>
>

You need to come up with something else. There would be no way I would
come to your site with you using a SSN in the URL encrypted or not or
SSL, not in today's environment and identity theift.

hi Jeff,

On 09.06.2010 19:07, Jeff wrote:
> I'm developing a website which will have ssn included in the querystring.
> Are looking for ways to encrypt it.
> Have thought about using System.Security.Cryptography namespace. But haven't
> decided on which class to use. Considering X509Certificate. Also I think the
> url have to SSL.
>
> Thinking of encrypt the entire querystring, parameter name and parameer
> value gets encrypted.
>
> any recommendations?
Use SSL, any other "encryption" can be broken. Use AJAX, if you want to
hide the information from the user.


mfG
--> stefan <--

On Jun 9, 1:45*pm, Stefan Hoffmann <ste...@ste5an.de> wrote:
> hi Jeff,
>
> On 09.06.2010 19:07, Jeff wrote:> I'm developing a website which will have ssn included in the querystring.
> > Are looking for ways to encrypt it.
> > Have thought about using System.Security.Cryptography namespace. But haven't
> > decided on which class to use. Considering X509Certificate. Also I think the
> > url have to SSL.
>
> > Thinking of encrypt the entire querystring, parameter name and parameer
> > value gets encrypted.
>
> > any recommendations?
>
> Use SSL, any other "encryption" can be broken. Use AJAX, if you want to
> hide the information from the user.
>
> mfG
> --> stefan <--

Hi Jeff,

Better not to send SSN via querystring. For that matter, it is adviced
not to plug in any sensitive data in querystring. There could be
alternatives for sure.

Thanks,
Rajeev

On Jun 9, 7:07*pm, "Jeff" <it_consulta...@hotmail.com.NOSPAM> wrote:
> Hi
>
> asp.net 4.0
> visual studio 2010
>
> I'm developing a website which will have ssn included in the querystring.
> Are looking for ways to encrypt it.
> Have thought about using System.Security.Cryptography namespace. But haven't
> decided on which class to use. Considering X509Certificate. Also I think the
> url have to SSL.
>
> Thinking of encrypt the entire querystring, parameter name and parameer
> value gets encrypted.
>
> any recommendations?

Hello:
Don't use query string. The spec for URL length does not dictate a
minimum or maximum URL length, but implementation varies by browser.
On Windows: Opera supports ~4050 characters, IE 4.0+ supports exactly
2083 characters, Netscape 3 -> 4.78 support up to 8192 characters
before causing errors on shut-down, and Netscape 6 supports ~2000
before causing errors on start-up. Encrypted SSN would be bigger than
this max length. Try to use post instead. And use ssl, it would
encrypt the whole page.