Security :: Ways Of Encrypting Querystrings?
Sep 8, 2010
I have been looking at ways of encrypting querystrings and I have found a few good examples.. but, I just want some clarification on what is most often referred to as the EncryptionKey and the characters that are in that key....Is there basically an unlimited number of alphanumeric combinations that could be used in the following code as the encryption key, is there anything that someone should be CAREFUL about including in that key?
using System.Security.Cryptography;
private static string EncryptionKey = "!#$a54?3";
/// other examples: "r0b1nr0y"
///in a try-catch:
key = System.Text.Encoding.UTF8.GetBytes(EncryptionKey.Substring(0, 8));
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
inputByteArray = Convert.FromBase64String(Input);
View 3 Replies
Similar Messages:
Oct 12, 2010
I have been trying to encrypt password and found a code which is working with Access fine but as i have changed to SQL it is not decoding the encrypted text.. it amazes me..this SQl code is not letting me log on..
[Code]....
Whereas this OlebDB/Access is working fine
[Code]....
View 4 Replies
May 3, 2010
I am wondering how to encrypt the below information in the "web.config" file of the "Account" folder (where we have the secured pages):
[Code]....
My issue here is that even after I compiled my application (using "aspnet_compiler -v /reports c:
eports"), the information inside the web.config file of the Account folder still not encrypted, and I want to publish my site to the customer server. So, since this server is a customer server, then they can access this "web.config" file and change our web-application security behaviour (correct me if I am wrong). Basically, I don't want the customer to even have access to our secured pages when they access our web-application using the web browser. How to solve this issue?
View 2 Replies
Mar 9, 2010
Is there any tools available to encrypt and decrypt Asp.net Web configuration sections like connection string ,etc.?
Can i get any add-on for this?If i use Enterprise Library i can do so,but without that is there any simple utility available?
View 1 Replies
Mar 14, 2011
I have created an x590 certificate that is in the file :
"C:UsersmartinAppDataRoamingMicrosoftSystemCertificatesMyCertificates"
I am trying to acces the public key to encrypt some plain text.
The system is throwing an "System.ArgumentOutOfRangeException" at the line
Dim certificate As X509Certificate2 = certificateCollection(0)
Can anyone tell me where I am going wrong or tell me another way to access the public key
.................................................
This is the complete code:
Imports System.Security
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Cryptography.X509Certificates.X509Certificate2
Imports System.Security.Cryptography.Pkcs
Partial Class encryptwithcertificare
Inherits System.Web.UI.Page
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim encoding As UTF8Encoding = New UTF8Encoding
Dim cleartext As String = Textbox1.Text
Dim myStore As X509Store = New X509Store()
myStore.Open(OpenFlags.ReadOnly)
Dim certificateCollection As X509Certificate2Collection = myStore.Certificates.Find(X509FindType.FindBySubjectName, "bobby", True)
Dim certificate As X509Certificate2 = certificateCollection(0)
Dim code() As Byte = EncryptwithCertificate(cleartext, certificate)
Label1.Text = Convert.ToBase64String(code)
End Sub
Shared Function EncryptwithCertificate(ByVal cleartext As Byte, ByVal certificate As X509Certificate2) As Byte()
Dim encoding As UTF8Encoding = New UTF8Encoding
Dim cleartextsbyte() As Byte = encoding.GetBytes(cleartext)
Dim contentinfo As ContentInfo = New ContentInfo(cleartextsbyte)
Dim envelopedCms As EnvelopedCms = New EnvelopedCms(contentinfo)
Dim recipient As CmsRecipient = New CmsRecipient(certificate)
envelopedCms.Encrypt(recipient)
Return envelopedCms.Encode()
End Function
End Class
View 3 Replies
Aug 24, 2010
I have a webApplication in which i want to encrypt the data using Public key and whan it reach to the destination webapplication it will decrypted there with corresponding private key . Is there is any way to creating this pair of key?
View 3 Replies
Apr 22, 2010
I want to encrypt the password entered by the user....how do i go about it?is there any built-in function for it or will i be required to write a code for it?
View 5 Replies
Nov 1, 2010
I want the login password to not be sent in plaintext (due to the risk of hijacking). I know that this can be achieved in principle using MD5 or the like, but is there a common implementation for use with Asp.Net? Of course, it's crucial that the resulting hash (?) isn't easy to decrypt. When I read various posts on this matter, some people say it's just to do a reverse on the encrypted string, so that in effect, this is totally useless.
View 6 Replies
Nov 12, 2010
I have written a couple methods that encrypt and decrypt the appSettings section of my web.config file using the WebConfigurationManager. I just hooked up the methods to the page_load event to test that it works, which it does. Now I need to deploy to a web farm and need advice. What is the best way to make it so I can encrypt, but more importantly decrypt the web.config when I need to? I thought about putting a hidden page with "encrypt" and "decrypt" buttons, but that seems risky. What is the "accepted" method for rolling out something like this?
View 1 Replies
Feb 18, 2010
I have a problem hopefully someone out there will steer me in the right direction.
I have a web application that I am going to put on a standalone cd - currently the data is "Safe" because the database is in in the app folder and the code is located in the codebehind.
My problem is i'm putting this on a CD as a standalone site, anyone can access the database, or find the XML....
Is there a way to generate an encrypted Database / XML Page, that is complied with the CD, that the program can decrypt and access with a embedded key?
View 1 Replies
Mar 4, 2011
I have been killing myself over this for a couple weeks now and cannot find a viable solution. Here's my scenario:
I have a DTSX package that imports user data from an external database. It then creates user accounts and profiles in the local database. Users can also be created via a custom ASP.NET Membership Provider. The provider must be able to authenticate both types of users.
This was all fine and dandy during development because passwords were stored as clear text. However, now that we're ready for release the passwords format of the provider must be set to encrypted and so the users created via the DTSX must be created with an encrypted password. (I'd prefer the passwords were hashed but the client's requirements are that passwords be recoverable). The real problem seems to be creating an encrypted password within the DTSX that will be decryptable by the ASP.NET Membership Provider.
My original solution was to have the DTSX call a CLR stored procedure that had access to the same encryption logic as the provider. I got it working but our client wouldn't enable CLR integration. So that's out the window. Now I'm investigating alternatives. One alternative is to simply use the built-in encryption methods of T-SQL. But how do I share the keys used for the encryption/decryption?
My question is, is it possible to generate a password in T-SQL, say using EncryptByKey, that will also be decryptable by my provider? This means that the key in SQL must match the key in my machineKey configuration.
View 2 Replies
Dec 14, 2010
I received some code, a small c# asp.net application which manually posts a shared username/pwd to a 3rd party website for auto-logins from our intranet site. During transit the password is encrypted, but not within the application. Within this application a namevaluecollection is used and the username and password are hard coded. Originally the thought was, who cares if its hard coded because its shared between everyone anyway. Now we want to encrypt the username and password from within the application. I'm not sure the best way to accomplish the goal of making sure the password is encrypted "at rest". Normally I've seen passwords stored and encrypted within a database. I know we'll obviously have to move the password out of the application and store it somewhere else, I'm just not sure where. Do we move the username and pwd to the web.config file? I really am not sure the best way to approach this.
View 1 Replies
Sep 23, 2010
Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?
View 10 Replies
May 27, 2010
My problem is that I'm going to have a SQL Server database and website that accesses that database via a hosting provider, most likely GoDaddy.com, using ASP.Net. I need to make sure the connection string in the web.config file is as secure as possible, because the database will actually be storing trivia questions for a game I'm developing, and the clients will be accessing these questions, saving specific state related details, and other details, to the database, so every player that plays the game will have their details stored in this database. I need to ensure hacking is very difficult to accomplish.
From my research it appears as though the only viable solution for your web.config when you've got a hosting account with something like GoDaddy.com is to use SQL Server security to connect to your SQL Server database and place those details in the web.config file. Is this correct? It seems that this is the most likely scenario for most users, because we don't have access to our hosting providers IIS servers in order to use Windows authentication with SQL Server access and then use DPAPI encryption from there.
View 2 Replies
Jan 8, 2011
i want to learn ways of hacking for avoid them in aspow do hackers hacking web sites?and how do avoid them?
View 2 Replies
May 27, 2010
I would like to encrypt the password and store it in DB. And if user forgots the password and request for password i have to send him a dummy password to his mail id how can i implement this if any code available At the time of registration i have to encrypt or salt the password and save it to DB..
View 1 Replies
Jun 28, 2010
I have used session to the creation of user and led them to the edit page ..But how do I retrieve my userID off from the session, or are there other ways to retrieve userID from?
View 3 Replies
Apr 28, 2010
Is there a utility to combine querystrings? I'm looking for something like:
Input: Combine("test=a&test2=b", "test3=c") Result: "test=a&test2=b&test3=c"
Input: Combine("test=a&test2=b", "") Result: "test=a&test2=b"
Input: Combine("", "test3=c") Result: "test3=c"
And maybe some weird ones:
Input: Combine("&test=a&test2=b", "?test3=c") Result: "test=a&test2=b&test3=c"
View 5 Replies
Oct 7, 2010
I'm a novice ASP.Net/C# programmer, and had an experience only of a couple of projects during college and a couple of freelancing projects when I was recruited by a startup company to build their ASP.Net based website. I've just abut completed the website, and now since the company is not able to find a worthy enough SEO, I'm expected to do our site's SEO as well(which is a totally new experience for me). Did I mention that I'm the only Web Developer here?So, now as you'd expect a novice programmer having no concern for future SEO needs, I built up the site without giving due consideration to any of the SEO enhancement techniques.
The Problems:
ViewState - When is it required? Is it really required if I'm not creating any controls on the fly? I'm using DataControls though. And the website(the pages visible to the user not the CMS), is purely information based. Also, if I disable a control(ex: DataList)'s viewstate, will the viewstate of controls inside it also get disabled?(which is what I'd like actually)QueryStrings - Now comes the toughest part, I've used Query Strings to the extent that you can say that the website is QueryString driven, which unfortunately enough is not a good thing for SEO. To make matters worse, the QueryStrings for some pages are not uniform. For ex- In some cases the querystring may have variables A, B, and C, while in other cases it can have variables M, B, C and probably not all the three variables in some cases. Now, I know that I'd have to do url rewriting but these query strings have dynamic data fetched from the database tables of size more than 10,000 rows. So would I have to create functions for url rewriting and use regex to separate wheat from whaff?
View 1 Replies
Feb 28, 2010
I am trying to implement URL Routing for a non MVC application. Here's my original [URL] to [URL] I have difficulty when the page has query strings in the URL. This is the route handler I have so far:
public class CustomRouteHandler : IRouteHandler
{
public IHttpHandler GetHttpHandler(RequestContext requestContext)
{
return BuildManager.CreateInstanceFromVirtualPath("ProcessStuff.aspx", typeof(Page)) as Page;
}
}
View 1 Replies
May 5, 2010
i have a querystring like this : Comparison.aspx?id=4545&Product=foo&displaylevelname=128
it's being build by 3 hidden fields in a html tablerow based on checkbox selection.
but user can select multiple checkboxes (20) and afterwards
i need a querystring like this : Comparison.aspx?id=4545&Product=foo&displaylevelname=128;145;455;
So how do i go from :
Comparison.aspx?id=4545&Product=foo&displaylevelname=128
Comparison.aspx?id=4545&Product=foo&displaylevelname=145
Comparison.aspx?id=4545&Product=foo&displaylevelname=455
To Comparison.aspx?id=4545&Product=foo&displaylevelname=128;145;455;
View 4 Replies
Jul 20, 2010
I have a page with some value like this:
[URL]
what I want to do is when the user enters values on the page I want to be able to change "valueA" and "valueB" in the URL without redirecting, refreshing or posingBack. Does anyone know how to do this?
View 7 Replies
Feb 19, 2011
I have a gridview which can be filtered from one or more values in a querystring. That all works great: e.g. "?subject=Maths&authorName=Bond_James&type=Magazine"
The values passed to the query string come from 3 drop down lists: Subject, Author, Type. What I'd like is when the user presses "Filter" it will take the selected values from the drop down lists and pass them to the querystring - it could be 1 value, 2, or all 3 (like above).
The drop down lists have an item called "All Subjects" / "All Author" / "All Type" each with a value of -1. The idea being that if the user leaves these items selected then the Filter button just ignores them.
Here is my code so far:
[Code]....
Also, one more thing. How do I get the drop down lists to have the filters selected when the page re loads?
EDIT: I changed the default values of the drop down lists to "" - this leaves the URL looking messy though ?author=&subject=&type= This works, is it the best way?
View 2 Replies
Oct 20, 2010
I'm having problems with accessing querystring params in my page method. Everywhere I read it says you can access querystrings just fine, but when I try it just returns null, what's the problem?
same problem I found - [URL]
View 14 Replies
Nov 15, 2010
I am wanting to develop a URL Rewriting solution that handles postbacks and querystrings. I have found a couple of examples, but don't fully udnerstand the code and don't want to implement code I don't understand. Obviously at the heart of this issue is intercepting the raw url before the rewrite occurs, however, I am not sure exactly how to go about this.
View 4 Replies
