>> Client uses ASP, wants to send user info via url encrypted string, which
>> needs to be decrypted, preferably by CF. We have been wading in the shallow
>> end of TripleDes without success.
>
> rot13 is much easier to get right.
> TripleDes seems overkill for something so non-sensitive it's in the URL.
>
> What are you exchanging, and who does it need to be safe from?

Tom's question is really on point here. If you're providing it in the URL, and presumably passing it back to the server, the fact that it's encrypted is probably irrelevant - anyone could copy the URL parameter, without knowing what it means, and use it elsewhere. I would recommend that you consider using something like a session token, with no inherent meaning at all, if that's all the functionality you need.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315936
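
The session-token approach recommended in the reply above, as an added example (not part of the original thread, and written in Python rather than ASP or ColdFusion so it runs as-is). The `HandoffStore` class, the 60-second lifetime, the single-use rule and the URL are assumptions for illustration; the store stands in for a table both applications can reach.

```python
import secrets
import time


class HandoffStore:
    """Stand-in for a table both the ASP and ColdFusion apps can reach (assumed)."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._rows = {}  # token -> (expires_at, user_info)

    def issue(self, user_info):
        """Sending side: keep the data server-side, hand out a random reference."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, no meaning
        self._rows[token] = (self._clock() + self._ttl, dict(user_info))
        return token

    def redeem(self, token):
        """Receiving side: look the token up once; None if unknown, used or expired."""
        row = self._rows.pop(token, None)  # pop makes the token single-use
        if row is None:
            return None
        expires_at, user_info = row
        if self._clock() > expires_at:
            return None
        return user_info


def demo():
    now = [1000.0]  # constructed clock so expiry can be shown without sleeping
    store = HandoffStore(ttl_seconds=60, clock=lambda: now[0])
    user = {"user_id": 42, "email": "user@example.com"}  # constructed sample data

    token = store.issue(user)
    url = "https://cf.example.com/landing.cfm?t=" + token  # hypothetical URL
    first = store.redeem(token)    # legitimate redirect arrives
    replay = store.redeem(token)   # same URL copied and used again
    stale = store.issue(user)
    now[0] += 61                   # link sat unused past its lifetime
    expired = store.redeem(stale)
    forged = store.redeem("guessed-value")
    return url, first, replay, expired, forged


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Only the first redemption returns the user record; the replayed, expired and guessed tokens all come back as `None`. A real shared table would also need a periodic purge of rows that expire without ever being redeemed.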

