encrypt url string

Question

User-507786106 posted

my application sends out an email to users and in that email is a link back to the application,

I do not want the URL string to be clear text, how to I encrypt the URL string once it comes to my application, and then forward it to the respective page?

The URL string with parameters & characters cannot be identified within the email.

Answer 1

User-474980206 posted

you encrypt the parameters not the string. after encrypting, you convert to Base64Url (a slight variant of base 64 encoding that's url safe). 

   https://linksite.com?<encrypted url>

of course when the link server redirects to the application url, the url will be in clear text.

Answer 2

User753101303 posted

Hi,

This is a registration or confirmation link? It doesn't even need to be encrypted, it could be just a guid you'll match on the db side and that will then expire...

If you are talking about the host name or the path the server needs to know that to get what will process the link (though I saw once someone who wanted to use cryptic names fore its page with IMHO maybe no reason at all).

If a sensitive value is encrypted but the link could work if given, the problem is likely that you should first check permissions. For example on this site the link to your or my profile is public but the server check the user who is accessing this link to allow or block changes.

Answer 3

User-507786106 posted

PatriceSc,

Well yes, this works very much like a confirmation link, except it is a internal application that sends notification that has a record ID in the url string. My goal is to conceal the url information so that it is not visible to the recipient users.

Thanks please continue to share your expertise.