Masking/encrypting a URL

  • Question

  • User-296881257 posted

    A software application offers a link to another page with predefined macros which are appended to the URL. Unfortunately this macro is not encrypted, and we need to encrypt/mask/or change the URL when the page renders so the user does not see it and use it inappropriately.

    Since the page is being opened through the vendor's application, the control needs to be in the resulting page.

    Sunday, August 10, 2014 3:41 PM

Answers

  • User-734925760 posted

    Hi,

    According to your description, you want to encrypt/mask/or change the URL as you click the link. So far as I know, you need to rewrite the URL.

    There is a document about URL rewriting; please refer to the link below:

    http://msdn.microsoft.com/en-us/library/ms972974.aspx

    Hope it's useful for you.

    Best Regards,

    Michelle Ge

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, August 11, 2014 3:43 AM
  • User-869039768 posted

    Looks like using POST over SSL to pass the data would be the more effective measure than trying to mask the URL (which the curious user can capture anyway).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, August 11, 2014 4:46 AM

All replies

  • User-296881257 posted

    Thank you for the reference. I'm reading it now. I did decide to redirect the page from the initial page after capturing the vendor's macro and placing that in the session variable. The redirection rewrites the URL and the back button is disabled. I am also checking the server HTTP_REFERER to make sure the requestor is the vendor's page that has the macro in it.

    If the client somehow captures the first redirection script and rewrites it, passing another id, it will give them a not-valid page. If they go to the second page directly, with or without a param, it will give them a 500 server error. Is there a way to make that a more elegant error just for this page?

    Thanks!

    Monday, August 11, 2014 12:45 PM
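
The flow described in this thread (capture the vendor parameter, keep it in the server-side session, redirect to a clean URL, and answer direct hits with a controlled error instead of a 500), as an added sketch that is not code from any poster. It uses a plain Python WSGI app rather than the poster's platform; the `/landing` and `/view` paths, the `id` parameter, the numeric-id check and the `vendor.example` URL are assumptions.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

SESSIONS = {}  # server-side store: session id -> value captured from the vendor link
VENDOR_PAGE = "https://vendor.example/launch"  # placeholder for the vendor page URL

def error(start_response, status):
    # One friendly response for every rejected request, instead of an unhandled 500.
    start_response(status, [("Content-Type", "text/plain")])
    return [b"This page can only be opened from the vendor application."]

def app(environ, start_response):
    path = environ.get("PATH_INFO", "")
    if path == "/landing":
        record = parse_qs(environ.get("QUERY_STRING", "")).get("id", [""])[0]
        referer = environ.get("HTTP_REFERER", "")
        # Referer is supplied by the client: a sanity check only, not authentication.
        if not record.isdigit() or not referer.startswith(VENDOR_PAGE):
            return error(start_response, "403 Forbidden")
        sid = secrets.token_urlsafe(32)  # unguessable session id
        SESSIONS[sid] = record           # the value stays on the server from here on
        start_response("303 See Other", [
            ("Location", "/view"),       # clean URL, no query string
            ("Set-Cookie", f"sid={sid}; HttpOnly; Secure; Path=/"),
        ])
        return [b""]
    if path == "/view":
        cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        sid = cookie["sid"].value if "sid" in cookie else None
        record = SESSIONS.get(sid)
        if record is None:               # direct hit, with or without parameters
            return error(start_response, "403 Forbidden")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [f"Record {record}".encode()]
    return error(start_response, "404 Not Found")

def request(path, query="", referer="", cookie=""):
    # Drives the app offline with a constructed request; returns (status, headers, body).
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"PATH_INFO": path, "QUERY_STRING": query,
               "HTTP_REFERER": referer, "HTTP_COOKIE": cookie}
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

The second page never reads the query string, so a parameter added to `/view` has no effect, and the session lookup is the control that decides access.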