Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

URL parameters encoded to prevent site hacking 2

Status
Not open for further replies.
crusader

crusader

Programmer
Apr 26, 2001
24
0
0
GB
Can anyone advise how you encode an url appended id (for throught site recognition of user)

e.g.

first cfm file:

<a href=&quot;nextpage.cfm?id=#userid#&quot;>next page</a>
-------------------------------------------------------
then the url would look like this:


how can I hide the number 9 so that no one can hack into mid site?

I can and am using session verification as well.
 
Sort by date Sort by votes
While I agree with Katun, the following code should do what you originally asked.

<cfset myHashValue=&quot;3kdc9e&quot;> <!--- arbitrary encrypt string --->
<a href=&quot;nextpage.cfm?id=#encrypt(userid,myHashValue)#&quot;>next page</a>

On nextPage.cfm, you'll need this:

<cfset myHashValue=&quot;3kdc9e&quot;>
<cfset id = decrypt(url.id,myHashValue)>

This doesn't prevent someone from hijacking a session since supplying the same url string will decrypt the same and still allow them access. The only way to really accomplish this is to create a unique &quot;hash&quot; value for each user and store it in a session variable. This way, the url string will only work for a specific user. Then again, if you're using session variables, I would just store the userID there in the first place as Katun suggests.

Good luck,
GJ
 
Upvote 0 Downvote
Try this code. Put a value in a unique session variable for every link and pass a sequential id via a URL parameter and use that URL parameter on the next page to figure out what session variable to assign the hidden ID from.

Bill Guttman
Great Coldfusion Tips

Calling Page: page.htm
----------------------------------
<CFSET Session.id1 = 42>
<CFSET Session.id2 = 32>
<CFSET Session.id3 = 122>
<CFSET Session.id4 = 432>

<a href=&quot;link.htm?id=1&quot;>Link1</a>
<a href=&quot;link.htm?id=2&quot;>Link2</a>
<a href=&quot;link.htm?id=3&quot;>Link3</a>
<a href=&quot;link.htm?id=4&quot;>Link4</a>


Link Page Example: link.htm
----------------------------------
<CFIF url.id EQ 1>
<CFSET Variables.idNbr = Session.id1>
</CFIF>

<CFIF url.id EQ 2>
<CFSET Variables.idNbr = Session.id2>
</CFIF>
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mike Lewis
  • Locked
  • Question
Using Dreamweaver to maintain a site not created in Dreamweaver
Replies
2
Views
132
Mike Lewis
Mike Lewis
RosieGp
  • Locked
  • Question
How to read string of 0s and 1s 1
Replies
3
Views
130
LyndonOHRC
LyndonOHRC
lollieleaver
  • Locked
  • Question
Dreamweaver CS4 - how can I make an Access database downloadable from my site?
Replies
2
Views
48
lollieleaver
lollieleaver
Guthro
  • Locked
  • Question
Save site data DW8 and Win7
Replies
2
Views
36
Guthro
Guthro
raist3001
  • Locked
  • Question
Update multiple files in a site
Replies
2
Views
50
KozarTech
KozarTech

Part and Inventory Search

Sponsor

Back
Top