Thanks Jeremy! I think the Hex encoding for the encrypt functions is exactly
what I was looking for.

 

   Clarke

 

From: [email protected] [mailto:[email protected]] On Behalf Of Jeremy Bruck
Sent: Thursday, May 07, 2009 11:28 AM
To: [email protected]
Subject: Re: [ACFUG Discuss] Encrypting URL Parameters

 

Clarke,

 

Yes, you could use the "hidden/secret/unpublished" tag (cfusion_encrypt and
cfusion_decrypt) which the CF Administrator uses to make it URL compatible
but if you change app servers (BD or Railo) or if they kill it you will be
screwed.

 

The best way we have found to do this is to use a HEX encoding instead which
is fully URL compatible.  We used base64 like you did at first and ran into
challenges long term.  The algorithm we use is AES with the Hex encoding.
Yes it is a touch longer when compared to base64 but you never have to worry
about dealing with special characters.  Below is an example of our code that
we use:

 

encrypt(encryptedData, application.HexEncryptString, 'AES', 'HEX');

 

This generates code that looks like this:  EE86208453404F3EC5E3BCFBDBBA2FA5

 

FYI, to create a compatible AES Encrypt String use the following:

<cfset myKey = generateSecretKey("aes")>

 

If you are using base64 now you can create a single function and test for
the HEX format and decrypt with it if it passes and if not decrypt with base64.
Here is the test code:

 

<cfif ReFindNoCase('[^0-9a-fA-F]', arguments.str) EQ 0> <!--- 0 = yes HEX format! --->

 

Only thing I am not sure about is if AES is available in the std version of
CF or purely enterprise.  We have been using Railo lots and it is there.

 

Regards,

Jeremy

 

------------------------------------------

Strategic Growth Services, LLC

Jeremy Bruck

[email protected]

770-953-8643 x103

 

 

 

On May 7, 2009, at 10:42 AM, Clarke Bishop wrote:





I am building an eMail unsubscribe function, and I thought it would be a
good idea to encrypt the eMail address. In the email, I set the unsubscribe
link to:

 

unsubscribe.cfm?id= l5N6axdBQlGDpyAklnmkjP+mfaauBKvfS9G9RzUQRJI=

 

But, this string isn't URLEncoded, so I encoded it like this:

 

unsubscribe.cfm?id=l5N6axdBQlGDpyAklnmkjP%2BmfaauBKvfS9G9RzUQRJI%3D

 

But, I've still got a problem because when I URLDecode the parameter, it
alters the string.

 

Instead of: l5N6axdBQlGDpyAklnmkjP+mfaauBKvfS9G9RzUQRJI=

 

I get: l5N6axdBQlGDpyAklnmkjP mfaauBKvfS9G9RzUQRJI=

 

It's changing the "+" to a space. As a result, my decrypt fails.

 

My question is: What's the best way to generally handle this requirement? I
know I could just replace the space with a "+", but I'm expecting there may
be other characters that don't get handled correctly. And, I don't want to
get a bunch of unexpected errors.

 

I'm using ColdFusion 8 and doing the encrypt like this:
encrypt(ARGUMENTS.data, variables.theKey, "DESEDE", "Base64")

 

Is there a better encryption or encoding to use? Or, is there a better way
to use URLEncode and URLDecode?

 

Thanks for any ideas!

 

    Clarke


------------------------------------------------------------- 
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com>  
-------------------------------------------------------------
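
The single fallback function Jeremy describes could look like the following. This is an added example, not code from the thread: decryptUrlToken and application.LegacyKey are hypothetical names, and it assumes the older links were produced by the DESEDE/Base64 call shown in the original question.

```cfml
<!--- Added example. Assumes application.HexEncryptString holds a key from
      generateSecretKey("aes") and application.LegacyKey (hypothetical name)
      holds the key used for the older DESEDE/Base64 links. --->
<cffunction name="decryptUrlToken" access="public" returntype="string" output="false">
    <cfargument name="str" type="string" required="true">
    <cfset var token = trim(arguments.str)>

    <!--- Hex path: only 0-9/A-F characters, and a whole number of 16-byte
          AES blocks, i.e. a length that is a multiple of 32 hex characters. --->
    <cfif len(token) GT 0 AND len(token) MOD 32 EQ 0
          AND reFindNoCase('[^0-9a-f]', token) EQ 0>
        <cftry>
            <cfreturn decrypt(token, application.HexEncryptString, 'AES', 'HEX')>
            <cfcatch type="any">
                <!--- A Base64 value can, rarely, consist only of hex characters;
                      fall through and try the legacy format. --->
            </cfcatch>
        </cftry>
    </cfif>

    <!--- Legacy path: a space is never valid Base64, so any space here is a
          "+" that URL decoding converted. Restore it before decrypting. --->
    <cfset token = replace(token, ' ', '+', 'all')>
    <cftry>
        <cfreturn decrypt(token, application.LegacyKey, 'DESEDE', 'Base64')>
        <cfcatch type="any">
            <!--- Neither format decrypted: return an empty string so the caller
                  can treat the link as invalid instead of throwing an error. --->
            <cfreturn "">
        </cfcatch>
    </cftry>
</cffunction>
```

The caller should treat an empty return value as an invalid or tampered link and show a generic message.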

 



