Another option would be to always point to a "landing page" and then
from then on continue internally to link. Like giving the users a link
with an ID of: index.cfm?id=789

Your landing page would then look up the ID in the DB and forward it
to your destination. The link to your destination could be
obfuscated.

Kind Regards,
Nitai

On Wed, Aug 18, 2010 at 5:41 AM, Alan Holden <[email protected]> wrote:
> I think it's the query string you want to encrypt, not the whole URL.
> And even just the "value" part of the name=value pair at that...
>
> Some of the values you see in the enterprise query strings are probably like
> "toBase64()" conversions - not encryption - because the primary key they're
> referencing could be mega-ginormous and exponential, no longer 'printable'
> per se.
>
> I see query string obfuscation, encryption or some flavor of hashing - when
> the target script is a fairly vulnerable process as designed.
>
> For example, a URL is emailed to somebody which contains some personally
> identifiable data in the query string. Obfuscation would reduce the
> possibility that someone could craft a looping attack upon decoding the
> meaning of the vars within. Like an "unsubscribe" or "email something" link
> - to a process which has no authentication schema to prevent abuse.
>
> If that's what you have, you might try the standard encrypt(), and then
> toBase64() or URLEncodedFormat() the result, although it could get long
> depending on the original value.
> If not, I'd go with Ryan's advice.
>
> Al Holden
>
> --
> Open BlueDragon Public Mailing List
> http://www.openbluedragon.org/   http://twitter.com/OpenBlueDragon
> official manual: http://www.openbluedragon.org/manual/
> Ready2Run CFML http://www.openbluedragon.org/openbdjam/
>
> mailing list - http://groups.google.com/group/openbd?hl=en
>



-- 
See for yourself how easy it is to manage files today. Join the revolution!

Razuna SaaS On-Demand - Hosted Digital Asset Management Solution
http://www.razuna.com/

Razuna - Open Source Digital Asset Management
http://www.razuna.org/

Follow us on Twitter
http://twitter.com/razunahq
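
The landing-page lookup described in the message above, as an added example that is not part of the original thread and is not OpenBD code. It is a Python sketch rather than CFML; the table name, function names, sample destination, and the use of a random token in place of a sequential ID such as 789 are assumptions.

```python
import re
import secrets
import sqlite3

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22}")  # shape of secrets.token_urlsafe(16)

def make_store():
    """In-memory stand-in for the application's database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (token TEXT PRIMARY KEY, destination TEXT NOT NULL)")
    return db

def issue_link(db, destination):
    """Store the real destination server-side and return the link to hand out."""
    token = secrets.token_urlsafe(16)  # 128 random bits, not enumerable like id=789
    db.execute("INSERT INTO links (token, destination) VALUES (?, ?)", (token, destination))
    return "index.cfm?id=" + token

def resolve(db, raw_id):
    """Landing-page logic: map the id parameter to (HTTP status, redirect target)."""
    if not isinstance(raw_id, str) or not TOKEN_RE.fullmatch(raw_id):
        return 404, None  # malformed or guessed sequential ids never reach the DB
    row = db.execute("SELECT destination FROM links WHERE token = ?", (raw_id,)).fetchone()
    if row is None:
        return 404, None  # unknown token: same answer as malformed input
    return 302, row[0]

if __name__ == "__main__":
    db = make_store()
    # Constructed sample destination; the address never appears in the public link.
    link = issue_link(db, "unsubscribe.cfm?email=user@example.com")
    print(link)
    print(resolve(db, link.split("=", 1)[1]))
    print(resolve(db, "789"))
```

The query uses bound parameters, and unknown and malformed IDs get the same 404 so the response does not reveal which tokens exist.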
