encrypt and decrypt query string - Community Credit Forums
in

    Community Credit Forums

encrypt and decrypt query string

Last post Tue, Jul 17 2007 6:38 AM by mukeshranjan. 2 replies.
Page 1 of 1 (3 items)
Sort Posts: Previous Next
  • Tue, Jul 3 2007 2:36 AM

    encrypt and decrypt query string

    This code has been used to encrypt and decrypt query string .No matter what the lenght of the url is ,this code will encrypt the key and the value the query string into 25 digit

     

     


    using System;
    using System.Collections.Generic;
    using System.Text;
    using System.Collections.Specialized;
    using System.Collections;
    using System.Web;

     

    namespace BusinessLayer
    {
    public class QueryString : NameValueCollection
    {
    private string document;
    public string Document
    {
    get
    {
    return document;
    }
    }
    public QueryString()
    {
    }
    public QueryString(NameValueCollection clone): base(clone)
    {
    }
    //################################################## ###############################################
    //This Class Has been used to get the URl from the address browser of the page
    // http://www.hanusoftware.com
    //################################################## ###############################################
    //this method has been used to get the current URL of the page
    public static QueryString FromCurrent()
    {

    //returns the current url from the address bar
    return FromUrl(HttpContext.Current.Request.Url.AbsoluteUr i);

    }
    /// <summary>
    /// This method has been used to divide the Address URl into characters chunks
    /// </summary>
    /// <param name="url"></param>
    /// <returns></returns>
    public static QueryString FromUrl(string url)
    {
    //it breaks the address URL in array with separator of ? mark
    //this line breaks the Querystring and page
    string[] parts = url.Split("?".ToCharArray());
    //instantiate the class object
    QueryString qs = new QueryString();
    //assign the page address to the variable
    qs.document = parts[0];
    //if there is any data in array
    if (parts.Length == 1)
    return qs;
    //breaks the QueryString into characters chunks with separator mark &
    string[] keys = parts[1].Split("&".ToCharArray());
    foreach (string key in keys)
    {
    //again breaks into chunks by + mark
    string[] part = key.Split("=".ToCharArray());
    if (part.Length == 1)
    qs.Add(part[0], "");
    //adds the QueryString key and value pair to the assigned variable
    qs.Add(part[0], part[1]);
    }
    return qs;


    }
    /// <summary>
    /// This method clear all exceptions in the passed string
    /// </summary>
    /// <param name="except"></param>
    public void ClearAllExcept(string except)
    {
    //calls the method to clear except
    ClearAllExcept(new string[] { except });

    }
    /// <summary>
    /// this is the usual method which has to call clear all exceptions
    /// </summary>
    /// <param name="except"></param>
    public void ClearAllExcept(string[] except)
    {
    //take an arrayList
    ArrayList toRemove = new ArrayList();
    foreach (string s in this.AllKeys)
    {
    foreach (string e in except)
    {
    if (s.ToLower() == e.ToLower())
    if(!toRemove.Contains(s))
    toRemove.Add(s);

    }
    }
    foreach (string s in toRemove)
    this.Remove(s);
    }
    /// <summary>
    /// this method adds the key value pairs in QueryString of the URL
    /// </summary>
    /// <param name="name"></param>
    /// <param name="value"></param>
    public override void Add(string name, string value)
    {
    //checks nullability of the name
    if (this[name] != null)
    //if not null then assign value to it
    this[name] = value;

    else

    base.Add(name, value);

    }

     

    public override string ToString()
    {

    return ToString(false);

    }


    /// <summary>
    /// this ethod has been used to join all the characters array to the URL
    /// </summary>
    /// <param name="includeUrl"></param>
    /// <returns></returns>
    public string ToString(bool includeUrl)
    {

    string[] parts = new string[this.Count];

    string[] keys = this.AllKeys;
    //for each keys breaks the URL into chunks
    for (int i = 0; i < keys.Length; i++)

    parts = keys + "=" + HttpContext.Current.Server.UrlEncode(this[keys]);

    string url = String.Join("&", parts);

    if ((url != null || url != String.Empty) && !url.StartsWith("?"))

    url = "?" + url;

    if (includeUrl)

    url = this.document + url;

    return url;

    }

    }

    }

     

    Software Development India

     

    Filed under:
  • Sat, Jul 7 2007 6:40 AM In reply to

    Re: encrypt and decrypt query string

    I would say sensitive information should be retained on the server, as far as possible and only a pointer to the information like the SessionID can be allowed to travel across the wire. That would be more safer.

    Also, for querystring and with the above argument of server-side complement that I have suggested, I would suggest, you can simply have a Convert.ToBase64String of the value that is displayed (so that it is not visible for casual prying eyes) and in the reverse you can use Convert.FromBase64String to get it back. What do you say?

    Complex encryption logic takes more horsepower and we have to preserve it through time instead of just letting it loose on the wire, getting it cracked and then attempting to strengthen the fortress more trading more CPU horsepower in that process.

    ----
    Deepak K Vasudevan
    Architect
    http://deepakvasudevan.blogspot.com/
    http://www.lavanyadeepak.tk/
  • Tue, Jul 17 2007 6:38 AM In reply to

    • mukeshranjan
    • Top 25 Contributor
    • Joined on Tue, Jul 17 2007
    • Mumbai, Maharashtra, India
    • Posts 52

    Re: encrypt and decrypt query string

    thanks for this much of details in encryption and decryption of query string

    can u help in regard of sql injection and cross site scripting

     

Page 1 of 1 (3 items)
Powered by Community Server (Commercial Edition), by Telligent Systems