«

I'm trying to come up with a simple approach to disguise or encrypt a
querystring variable . The variable is a record ID. To my surprise, I'm
not having much luck finding a solution. I've been to www.asp.net and
googled some and wasn't able to come up with a simple and realistic
solution.

I have a master page that lists records and then a details page pulls
detailed data from tables in the database. The page needs details page must
have a QS variable passed to it like "details.aspx?id=100". The master page
is populated based upon who is viewing it so therefore, not everyone will
see the same list. What I'm trying to prevent is having someone simply
replace the variable in the querystring with another one and view someone
else's detailed data.

I simply want to disguise the variable on the sending page to anything like
"details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
read it on the receiving page. Make sense?

It's there a fairly simple and effective solution to doing this? Anything
that I've found out there just seemed to involve tons of custom class
writing (beyond me) and a lot of overkill. It doesn't need to be super
secure.....just disguised.

TIA

There's a great article with code written that can help handle this. Check
out:
http://www.dotnetjunkies.com/HowTo/9...75836DC72.dcik

I've found it works veyr nicely.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage

"D. Shane Fowlkes" <> wrote in message
news:%...
> I'm trying to come up with a simple approach to disguise or encrypt a
> querystring variable . The variable is a record ID. To my surprise, I'm
> not having much luck finding a solution. I've been to www.asp.net and
> googled some and wasn't able to come up with a simple and realistic
> solution.
>
> I have a master page that lists records and then a details page pulls
> detailed data from tables in the database. The page needs details page
> must
> have a QS variable passed to it like "details.aspx?id=100". The master
> page
> is populated based upon who is viewing it so therefore, not everyone will
> see the same list. What I'm trying to prevent is having someone simply
> replace the variable in the querystring with another one and view someone
> else's detailed data.
>
> I simply want to disguise the variable on the sending page to anything
> like
> "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
> read it on the receiving page. Make sense?
>
> It's there a fairly simple and effective solution to doing this? Anything
> that I've found out there just seemed to involve tons of custom class
> writing (beyond me) and a lot of overkill. It doesn't need to be super
> secure.....just disguised.
>
> TIA
>
>
>
>

Why don't you create a couple of global functions for your application
(doesn't need to involve a custom class or anything) that you call to
encrypt and decrypt the ID as needed? You'd decide on and implement your
encryption scheme within these functions.

Another way, albeit a little more complicated, would be to hash the ID value
and store it as a secondary key within the database.


"D. Shane Fowlkes" <> wrote in message
news:%...
> I'm trying to come up with a simple approach to disguise or encrypt a
> querystring variable . The variable is a record ID. To my surprise, I'm
> not having much luck finding a solution. I've been to www.asp.net and
> googled some and wasn't able to come up with a simple and realistic
> solution.
>
> I have a master page that lists records and then a details page pulls
> detailed data from tables in the database. The page needs details page
> must
> have a QS variable passed to it like "details.aspx?id=100". The master
> page
> is populated based upon who is viewing it so therefore, not everyone will
> see the same list. What I'm trying to prevent is having someone simply
> replace the variable in the querystring with another one and view someone
> else's detailed data.
>
> I simply want to disguise the variable on the sending page to anything
> like
> "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
> read it on the receiving page. Make sense?
>
> It's there a fairly simple and effective solution to doing this? Anything
> that I've found out there just seemed to involve tons of custom class
> writing (beyond me) and a lot of overkill. It doesn't need to be super
> secure.....just disguised.
>
> TIA
>
>
>
>

D. Shane Fowlkes wrote:
> I'm trying to come up with a simple approach to disguise or encrypt a
> querystring variable . The variable is a record ID. To my surprise,
> I'm not having much luck finding a solution. I've been to
> www.asp.net and googled some and wasn't able to come up with a simple
> and realistic solution.
>
> I have a master page that lists records and then a details page pulls
> detailed data from tables in the database. The page needs details
> page must have a QS variable passed to it like "details.aspx?id=100".
> The master page is populated based upon who is viewing it so
> therefore, not everyone will see the same list. What I'm trying to
> prevent is having someone simply replace the variable in the
> querystring with another one and view someone else's detailed data.
>
> I simply want to disguise the variable on the sending page to
> anything like "details.aspx?id=ahiyne090793097hjkd" and then be able
> to "uncode" it or read it on the receiving page. Make sense?
>
> It's there a fairly simple and effective solution to doing this?
> Anything that I've found out there just seemed to involve tons of
> custom class writing (beyond me) and a lot of overkill. It doesn't
> need to be super secure.....just disguised.
>
> TIA

You could try to use a guid (uniqueidentifier in sqlserver) instead of
an autonumber id. Then the "hackers" can't just "add 1" and hope
to get a real id.

Hans Kesting

Great. Thanks! Is this in C#? I'm used to VB.NET so the syntax looks a
little off to me. I'll do my best to convert it and try it out. I may be
back on Monday for more help. =)



"Mark Fitzpatrick" <> wrote in message
news:%...
> There's a great article with code written that can help handle this. Check
> out:
>
http://www.dotnetjunkies.com/HowTo/9...75836DC72.dcik
>
> I've found it works veyr nicely.
>
> Hope this helps,
> Mark Fitzpatrick
> Microsoft MVP - FrontPage
>
> "D. Shane Fowlkes" <> wrote in message
> news:%...
> > I'm trying to come up with a simple approach to disguise or encrypt a
> > querystring variable . The variable is a record ID. To my surprise,
I'm
> > not having much luck finding a solution. I've been to www.asp.net and
> > googled some and wasn't able to come up with a simple and realistic
> > solution.
> >
> > I have a master page that lists records and then a details page pulls
> > detailed data from tables in the database. The page needs details page
> > must
> > have a QS variable passed to it like "details.aspx?id=100". The master
> > page
> > is populated based upon who is viewing it so therefore, not everyone
will
> > see the same list. What I'm trying to prevent is having someone simply
> > replace the variable in the querystring with another one and view
someone
> > else's detailed data.
> >
> > I simply want to disguise the variable on the sending page to anything
> > like
> > "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
> > read it on the receiving page. Make sense?
> >
> > It's there a fairly simple and effective solution to doing this?
Anything
> > that I've found out there just seemed to involve tons of custom class
> > writing (beyond me) and a lot of overkill. It doesn't need to be super
> > secure.....just disguised.
> >
> > TIA
> >
> >
> >
> >
>
>

Why not forget about using a QS?
Just create a session variable on Page1 and pull it out on Page2.
--
Joe Fallon



"D. Shane Fowlkes" <> wrote in message
news:%...
> I'm trying to come up with a simple approach to disguise or encrypt a
> querystring variable . The variable is a record ID. To my surprise, I'm
> not having much luck finding a solution. I've been to www.asp.net and
> googled some and wasn't able to come up with a simple and realistic
> solution.
>
> I have a master page that lists records and then a details page pulls
> detailed data from tables in the database. The page needs details page
> must
> have a QS variable passed to it like "details.aspx?id=100". The master
> page
> is populated based upon who is viewing it so therefore, not everyone will
> see the same list. What I'm trying to prevent is having someone simply
> replace the variable in the querystring with another one and view someone
> else's detailed data.
>
> I simply want to disguise the variable on the sending page to anything
> like
> "details.aspx?id=ahiyne090793097hjkd" and then be able to "uncode" it or
> read it on the receiving page. Make sense?
>
> It's there a fairly simple and effective solution to doing this? Anything
> that I've found out there just seemed to involve tons of custom class
> writing (beyond me) and a lot of overkill. It doesn't need to be super
> secure.....just disguised.
>
> TIA
>
>
>
>