Hi Jason,
I'll skip question one, and give you my take on question two.
I do something like this.
Declare two functions:
<!--- Key, algorithm and output encoding shared by both functions --->
<cfset variables.enc_key = "secret-hex-key" />
<cfset variables.enc_format = "BLOWFISH" />
<cfset variables.enc_encoding = "HEX" />

<!--- Encrypts a query string and URL-encodes the result --->
<cffunction name="encodeUrl" returntype="string" output="false">
    <cfargument name="url_str" default="" />
    <cfset var return_url = encrypt(arguments.url_str, variables.enc_key, variables.enc_format, variables.enc_encoding) />
    <cfreturn urlEncodedFormat(return_url) />
</cffunction>

<!--- Decrypts cgi.query_string and copies each name=value pair into the url scope --->
<cffunction name="decodeUrl" returntype="void" output="false">
    <!--- Function-local variables, so nothing leaks into the variables scope --->
    <cfset var qs = "" />
    <cfset var varPair = "" />
    <cfset var varName = "" />
    <cfset var varVal = "" />
    <cfset var i = 0 />
    <cfif len(cgi.query_string) gt 0>
        <cfset qs = urlDecode(cgi.query_string) />
        <cfset qs = decrypt(qs, variables.enc_key, variables.enc_format, variables.enc_encoding) />
        <cfloop from="1" to="#listLen(qs,'&')#" index="i">
            <cfset varPair = listGetAt(qs, i, '&') />
            <cfset varName = getToken(varPair, 1, '=') />
            <cfset varVal = getToken(varPair, 2, '=') />
            <!--- Skip the session identifiers --->
            <cfif varName neq 'cfid' and varName neq 'cftoken'>
                <cfparam name="url.#varName#" default="#varVal#" />
            </cfif>
        </cfloop>
    </cfif>
</cffunction>
I can then encrypt a url like so:
http://forums.anandtech.com/forumdisplay.php?#encodeUrl('f=14&order=desc&page=2')#
And decode it and recreate the URL structure on the following page
like so:
<cfset decodeUrl() />
Hey presto, I can reference url variables as normal.
Simples
On 17 Aug 2010, at 21:44, Jason Allen wrote:
1. Should I encrypt url strings so that users are not enticed to play
with them?
2. If so, what is the best way to go about it?
I'm building a site/app and many things are done by passing variables
through URLs. I see this done all the time with Facebook (profile
IDs), forums (page view, sorting), and other sites.
ex.
http://forums.anandtech.com/forumdisplay.php?f=14&order=desc&page=2
I'm just wondering if it's worth the effort to try and obfuscate the
url string for security reasons. I know this isn't limited to just
OpenBD, but as I'm deploying this on OpenBD I'll be looking at how to
do this with its toolset.
-Jason
--
Open BlueDragon Public Mailing List
http://www.openbluedragon.org/ http://twitter.com/OpenBlueDragon
official manual: http://www.openbluedragon.org/manual/
Ready2Run CFML http://www.openbluedragon.org/openbdjam/
mailing list - http://groups.google.com/group/openbd?hl=en
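
An added example, not part of the original thread: a stricter variant of the reply's decodeUrl. Because encrypt() adds no integrity check, the decrypted names and values are still treated as untrusted input: decryption failures are caught, only allow-listed parameters with the expected shape are accepted, and the result is returned as a struct instead of being written into the url scope. The names decodeUrlStrict and variables.allowed_params are hypothetical, and variables.enc_key, enc_format and enc_encoding are assumed to be set as in the reply.

```cfml
<!--- Added example. Hypothetical allow-list: parameter name -> expected kind --->
<cfset variables.allowed_params = structNew() />
<cfset variables.allowed_params["f"] = "integer" />
<cfset variables.allowed_params["page"] = "integer" />
<cfset variables.allowed_params["order"] = "order" />

<cffunction name="decodeUrlStrict" returntype="struct" output="false">
    <cfargument name="raw_qs" type="string" default="#cgi.query_string#" />
    <cfset var result = structNew() />
    <cfset var qs = "" />
    <cfset var pair = "" />
    <cfset var pname = "" />
    <cfset var val = "" />
    <cfset var i = 0 />
    <cfif len(arguments.raw_qs) eq 0>
        <cfreturn result />
    </cfif>
    <cftry>
        <cfset qs = decrypt(urlDecode(arguments.raw_qs), variables.enc_key, variables.enc_format, variables.enc_encoding) />
        <cfcatch type="any">
            <!--- Altered or truncated input: return nothing rather than an error page --->
            <cfreturn result />
        </cfcatch>
    </cftry>
    <cfloop from="1" to="#listLen(qs, '&')#" index="i">
        <cfset pair = listGetAt(qs, i, "&") />
        <cfset pname = listFirst(pair, "=") />
        <!--- listRest keeps any "=" that appears inside the value --->
        <cfset val = listRest(pair, "=") />
        <cfif structKeyExists(variables.allowed_params, pname)>
            <cfif variables.allowed_params[pname] eq "integer" and reFind("^[0-9]{1,9}$", val) gt 0>
                <cfset result[pname] = val />
            <cfelseif variables.allowed_params[pname] eq "order" and listFindNoCase("asc,desc", val) gt 0>
                <cfset result[pname] = lcase(val) />
            </cfif>
        </cfif>
    </cfloop>
    <cfreturn result />
</cffunction>

<!--- Usage on the receiving page: <cfset params = decodeUrlStrict() /> --->
```

Whatever the struct contains, the page still has to check that the current user is allowed to see the record those values point to.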