I think it's the query string you want to encrypt, not the whole URL. And even just the "value" part of the name=value pair at that...
Some of the values you see in the enterprise query strings are probably like "toBase64()" conversions - not encryption - because the primary key they're referencing could be mega-ginormous and exponential, no longer 'printable' per se.
I see query string obfuscation, encryption or some flavor of hashing - when the target script is a fairly vulnerable process as designed.
For example, a URL is emailed to somebody which contains some personally identifiable data in the query string. Obfuscation would reduce the possibility that someone could craft a looping attack upon decoding the meaning of the vars within. Like an "unsubscribe" or "email something" link - to a process which has no authentication schema to prevent abuse.
If that's what you have, you might try the standard encrypt(), and then toBase64() or URLEncodedFormat() the result, although it could get long depending on the original value.
If not, I'd go with Ryan's advice. Al Holden -- Open BlueDragon Public Mailing List http://www.openbluedragon.org/ http://twitter.com/OpenBlueDragon official manual: http://www.openbluedragon.org/manual/ Ready2Run CFML http://www.openbluedragon.org/openbdjam/ mailing list - http://groups.google.com/group/openbd?hl=en
