I am building an eMail unsubscribe function, and I thought it would be a good
idea to encrypt the eMail address. In the email, I set the unsubscribe link to:
unsubscribe.cfm?id= l5N6axdBQlGDpyAklnmkjP+mfaauBKvfS9G9RzUQRJI=
But, this string isn’t URLEncoded, so I encoded it like this:

Clarke,
Yes, you could use the hidden/secret/unpublished tag
(cfusion_encrypt and cfusion_decrypt) which the CF Administrator uses
to make it URL compatible but if you change app servers (BD or Railo)
or if they kill it you will be screwed.
The best way we have found to do this is to use

What's the goal here? If you want to make sure that spambots can't harvest
that email address, you don't want to do Base64 on it as that's not
encryption and since it doesn't require a key to decode, you really haven't
protected anything.

Can you tackle it a different way than exposing the email
For example, a simple UUID would do the trick here.
John

Howard Fore wrote:
What's the goal here? If you want to make sure that spambots can't
harvest that email address, you don't want to do Base64 on it as
that's not encryption and since it doesn't require a key to decode,
you really

Yeah, I would have to agree that something like a UUID is all that is
necessary. It sounds like you just need a unique identifier that does not
show the email address, but associates to an email address in your
persistence layer.
Subscribe:
A logical path looking like you have a web interface

Clarke, besides considering the other useful suggestions about whether it’s
appropriate to even try those, or if there may be alternatives, I’ll say that
I’ve done it before for other reasons, with code like this (where string was
what needed to be encrypted, and key was the key for

Thanks Jeremy! I think the Hex encoding for the encrypt functions is exactly
what I was looking for.
Clarke
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Jeremy Bruck
Sent: Thursday, May 07, 2009 11:28 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Encrypting URL

Teddy John, now you’ve got me curious. I have a contactID field in my
database for each contact. Is that what you mean by UUID? Why would this be
better?
I think using the eMail address is better because it’s possible that someone’s
email address could be in the database twice (Please no

Thanks Charlie! I’m doing exactly what you said:
URLEncodedFormat(encrypt(string,key)).
The problem was that my encrypted string has a “+” in it, but URLDecode
translated that to a space. Then, the decrypt failed!
But, good suggestion on the try/catch. I probably wouldn’t have thought
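
The "+" failure described in the last message, together with the fixes the thread mentions (URL-encoding, hex encoding, and an opaque random identifier in place of the address), as an added example that is not part of the original thread. It is written in Python rather than CFML so it runs stand-alone; the function names and the in-memory dict are assumptions, and the sample value is the one from the first post.

```python
import base64
import binascii
import secrets
from urllib.parse import parse_qs, quote

# Value copied from the unsubscribe link in the first post; note the literal "+".
PAGE_TOKEN = "l5N6axdBQlGDpyAklnmkjP+mfaauBKvfS9G9RzUQRJI="

def received_id(query_string):
    """Return the id parameter as a form-decoding server sees it ("+" -> space)."""
    return parse_qs(query_string)["id"][0]

def is_valid_base64(value):
    """True if the value survived the URL round trip as strict Base64."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def link_raw(token):
    return "id=" + token                   # failing case: "+" sent unescaped

def link_percent_encoded(token):
    return "id=" + quote(token, safe="")   # "+" becomes %2B, "=" becomes %3D

def link_hex(token):
    # Same bytes re-encoded as hex: only 0-9a-f, so nothing needs escaping.
    return "id=" + base64.b64decode(token).hex()

# Opaque-token alternative from the thread: the link carries a random value
# and the address stays server-side (a dict stands in for the database table).
_tokens = {}

def issue_unsubscribe_token(email):
    token = secrets.token_urlsafe(32)      # 32 random bytes, URL-safe alphabet
    _tokens[token] = email
    return token

def email_for_token(token):
    return _tokens.get(token)              # None for unknown or altered tokens

if __name__ == "__main__":
    print(repr(received_id(link_raw(PAGE_TOKEN))))
    print(is_valid_base64(received_id(link_raw(PAGE_TOKEN))))
    print(received_id(link_percent_encoded(PAGE_TOKEN)) == PAGE_TOKEN)
```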