All geek questions in one place

Should I encrypt the GUID passed by the URL parameters?

We are creating a Silverlight application and must have several parameters with a URL from the calling site.

example: http://oursite.com/index.aspx?test=d53ae99b-06a0-4ba7-81ed-4556adc532b2

We want to give the "test" line of the calling website, which refers to the GUID of our table, which tells the Silverlight application what this task is when they arrive. We also use this GUID for authentication in our application, among other things.

The GUID is as follows:

  • d53ae99b-06a0-4ba7-81ed-4556adc532b2
  • 8354b838-99b3-4b4c-bb07-7cf68620072e

The encrypted values ​​are much longer:

  • l5GyhPWSBUw8KdD + TpWJOsoOFDF0LzmGzd4uufLx + v / d3eByGZ6zPcRjvCRMG2tg
  • WVMN7B0FPa18 / B7 + U4njb5AOKnx6Ga9xoAsvCET6MyjM5TV6dO86OexaCXDiXaES

My question is, in view of security, should we provide them with a GUID, encrypted or, as it is, unencrypted?

Does it matter?

What does everyone experience when passing this type of parameter?

+4
source share
1 answer

For encryption, the key should determine your security context. What can someone do if they have access to the original GUID? If they cannot do anything dangerous, then there is no encryption of the points, and generally it is better not to encrypt. If any security risk associated with this information is publicly available, you better encrypt it.

Since you say:

We also use this guid for authentication in our application, among other things

... I assume that you will want to encrypt. But you may think about your authentication strategy. It is often better to use time-tested, well-accepted methods for things like authentication and encryption, as you can be sure that there are no unknown exploits.

+6
source

Source: https://habr.com/ru/post/1341004/

More articles:


All Articles