Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

URL parameters encoded to prevent site hacking 2

Status
Not open for further replies.
crusader

crusader

Programmer
Apr 26, 2001
24
GB
Can anyone advise how you encode an url appended id (for throught site recognition of user)

e.g.

first cfm file:

<a href=&quot;nextpage.cfm?id=#userid#&quot;>next page</a>
-------------------------------------------------------
then the url would look like this:


how can I hide the number 9 so that no one can hack into mid site?

I can and am using session verification as well.
 
Sort by date Sort by votes
While I agree with Katun, the following code should do what you originally asked.

<cfset myHashValue=&quot;3kdc9e&quot;> <!--- arbitrary encrypt string --->
<a href=&quot;nextpage.cfm?id=#encrypt(userid,myHashValue)#&quot;>next page</a>

On nextPage.cfm, you'll need this:

<cfset myHashValue=&quot;3kdc9e&quot;>
<cfset id = decrypt(url.id,myHashValue)>

This doesn't prevent someone from hijacking a session since supplying the same url string will decrypt the same and still allow them access. The only way to really accomplish this is to create a unique &quot;hash&quot; value for each user and store it in a session variable. This way, the url string will only work for a specific user. Then again, if you're using session variables, I would just store the userID there in the first place as Katun suggests.

Good luck,
GJ
 
Upvote 0 Downvote
Try this code. Put a value in a unique session variable for every link and pass a sequential id via a URL parameter and use that URL parameter on the next page to figure out what session variable to assign the hidden ID from.

Bill Guttman
Great Coldfusion Tips

Calling Page: page.htm
----------------------------------
<CFSET Session.id1 = 42>
<CFSET Session.id2 = 32>
<CFSET Session.id3 = 122>
<CFSET Session.id4 = 432>

<a href=&quot;link.htm?id=1&quot;>Link1</a>
<a href=&quot;link.htm?id=2&quot;>Link2</a>
<a href=&quot;link.htm?id=3&quot;>Link3</a>
<a href=&quot;link.htm?id=4&quot;>Link4</a>


Link Page Example: link.htm
----------------------------------
<CFIF url.id EQ 1>
<CFSET Variables.idNbr = Session.id1>
</CFIF>

<CFIF url.id EQ 2>
<CFSET Variables.idNbr = Session.id2>
</CFIF>
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mike Lewis
  • Locked
  • Question
Using Dreamweaver to maintain a site not created in Dreamweaver
Replies
2
Views
244
Mike Lewis
Mike Lewis
RosieGp
  • Locked
  • Question
How to read string of 0s and 1s 1
Replies
3
Views
252
LyndonOHRC
LyndonOHRC
lollieleaver
  • Locked
  • Question
Dreamweaver CS4 - how can I make an Access database downloadable from my site?
Replies
2
Views
87
lollieleaver
lollieleaver
Guthro
  • Locked
  • Question
Save site data DW8 and Win7
Replies
2
Views
72
Guthro
Guthro
raist3001
  • Locked
  • Question
Update multiple files in a site
Replies
2
Views
87
KozarTech
KozarTech

Part and Inventory Search

Sponsor

Back
Top