Free asp encryption code?

[meckeard]

Hi,

I need to pass an ID through a querystring and do not want it to be easily recognizable.

For example, let's say I have the following URL:

http://www.somedomain.com/cart.asp?cart_id=1234

I don't want a user to easily recognize the cart_id. And I can't use cookies, sessions or a login, so I must pass it via the URL.

Has anyone used any asp encyrption code? I don't need anything overly complicated, just something to help with disguising the ID.

Thanks,
Mark

 

[GaryC123]

If you want it secure then you really need to use ssl.

http://www.intouchmedialtd.com

 

[Bastien]

If its being created in the link you can assign it any value you like, as long as you create a way to decode or match that value on the receiving page. Consider also using a random number to take the place of the cart_id and/or changing the name of the variable to something else (like c=some number)

Bastien

Any one have a techie job in Toronto, I need to work...being laid off sucks!

 

[onpnt]

if all you want to do is make it visually difficult on appearance to the user I would jsut use some client level script to a make shift encryption function.
something like

http://www.webfooters.com/cipher/

_____________________________________________________________________

[sub]
Hakuna matata!![/sub]

 

[meckeard]

Let me explain a little further.

I am using a shared SSL with my hosting company. It's free, but you actually move to a different domain when using it. Because of this, I can no longer access cookies or sessions on my site domain. That's why I thought about passing my cart_id in the URL.

Although I am using SSL, what I want to do is prevent the user from looking at the URL and seeing an ID and deciding to play with it. What if the ID was visible and was 1234. Well, they might want to change the URL and replace 1234 with 1233 to see the previous order. Not good.

Since the customer does not log in prior to adding items to the cart, I can't validate the customer with the order. And I don't want the customer to be able to see orders that do not belong to them.

onpnt - I will look over the site you posted.

Thanks,
Mark

 

[onpnt]

why don't you post the form? that doesn't ahve anyhting to deal with what you mentioned in retrictions

_____________________________________________________________________

[sub]
Hakuna matata!![/sub]

 

[meckeard]

onpnt,

Hmm, that might actually work. I will check it out and let you know.

Thanks,
Mark

 

[Don803]

I occasionally need to send url's via email, and do not want the url messed with.

I send the value, and a hash. I also use a secret salt value.

example:
salt = "salt makes food taste better"

Then on my page, if the value, and hash do not match I state that the page is unavailable.

It is not perfect, but it will keep everyone but determined hackers out.

I use it for responses to questions collected via the web.

If it is hacked, I have just lost one small piece of data.

function funGetHash(Value, salt)

Dim i 'As Integer
Dim hash 'As Long


Value = Value + salt
hash = CLng(5077)
For i = 1 To Len(Value)
hash = CLng(hash) And &H1FFFFFF
hash = CLng(hash) * 33 + Asc(Mid(Value, i, 1))
Next
funGetHash = Hex(hash)

end Function

http://server/folder/page.asp?ID=0000;hash=badcab

The hash function will always produce the same result given the same value and salt combination.

I wrote this routine after seeing a similar routine written in c++.

Make sure to use a long salt that is secret and you should be fine in low security applications.

If security is crucial, DO NOT USE THIS. It can be hacked. It is just a deterrant.