querystring problem?

Last post 10-27-2008 9:51 AM by Deleo. 4 replies.


  • querystring problem?

    10-27-2008, 3:27 AM

    Hi all,

    How do I protect the query string in our ASP.NET application? For example, I have a login form. I used the query string for passing information from one page to another. Suppose we know the path; then we can easily access the account. I need to protect the query string. Any ideas? Please help, it's very urgent...

  • Re: querystring problem?

    10-27-2008, 3:44 AM
  • Re: querystring problem?

    10-27-2008, 6:08 AM

    I suggest you don't use the query string to pass important information like user name and password.

    Please place them in session or another server-side object.

    If you prefer to use the query string, I suggest you use HTTPS to secure your request.

  • Re: querystring problem?

    10-27-2008, 7:32 AM

    I do agree with kerry.

  • Re: querystring problem?

    10-27-2008, 9:51 AM

    Agree, never ever use the query string for sensitive information, and never ever hide it in hidden fields or viewstate.

    Always encrypt them and store them in either the session, a cookie or custom storage (SQL or files).

    You can, however, use the query string for validation of a username or password. Example (not a good scenario):

    A user is prompted for a username and password, then submits the form. The page is redirected to another page for validation and sends the username and password in the URL. Be aware that the username and password are encrypted using a one-way encryption hash with a little extra spice (your own phrase). At the validation side, you extract the username and password from the database and hash them the same way you did on the latter page. Then you compare the two values, the one sent in the query string and the one generated at the validation page. If they match, then voila! If not, "incorrect username or password" is sent back to the user.
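The session-based approach that kerry-jiang and Deleo recommend, written out as an added example (this is not code from the thread): ASP.NET Web Forms code-behind showing the pattern from the question beside the hardened form. The control IDs (txtUser, txtPassword, lblError, lblWelcome) and the AccountStore.VerifyPassword helper are assumed names.

```csharp
// Login.aspx.cs (added example; control IDs and AccountStore are assumed)
using System;
using System.Web.UI;

public partial class Login : Page
{
    // The pattern from the question: credentials end up in the URL, so they land
    // in browser history, proxy and server logs, and anyone who knows the path
    // can request the account page directly.
    protected void btnLoginInsecure_Click(object sender, EventArgs e)
    {
        Response.Redirect("Account.aspx?user=" + Server.UrlEncode(txtUser.Text)
                          + "&pwd=" + Server.UrlEncode(txtPassword.Text));
    }

    // Hardened form: verify on the server, keep only the authenticated identity
    // in Session (server-side state), and send nothing sensitive in the URL.
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Hypothetical helper: compares against a salted hash stored in the database.
        if (AccountStore.VerifyPassword(txtUser.Text, txtPassword.Text))
        {
            Session["UserName"] = txtUser.Text;
            Response.Redirect("Account.aspx");
        }
        else
        {
            lblError.Text = "Incorrect username or password.";
        }
    }
}

// Account.aspx.cs: the protected page trusts only the session, never the query string.
public partial class Account : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string user = Session["UserName"] as string;
        if (string.IsNullOrEmpty(user))
        {
            Response.Redirect("Login.aspx");   // no authenticated session: back to login
            return;
        }
        lblWelcome.Text = "Welcome, " + Server.HtmlEncode(user);
    }
}
```

Serve the whole login flow over HTTPS as kerry-jiang suggests, so the posted form fields and the session cookie are not readable on the wire.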

