Last post Oct 02, 2019 06:44 PM by slimbunny
Oct 02, 2019 06:03 PM|slimbunny|LINK
my application sends out an email to users and in that email is a link back to the application,
I do not want the URL string to be clear text, how to I encrypt the URL string once it comes to my application, and then forward it to the respective page?
The URL string with parameters & characters cannot be identified within the email.
Oct 02, 2019 06:14 PM|bruce (sqlwork.com)|LINK
you encrypt the parameters not the string. after encrypting, you convert to Base64Url (a slight variant of base 64 encoding that's url safe).
of course when the link server redirects to the application url, the url will be in clear text.
Oct 02, 2019 06:16 PM|PatriceSc|LINK
This is a registration or confirmation link? It doesn't even need to be encrypted, it could be just a guid you'll match on the db side and that will then expire...
If you are talking about the host name or the path the server needs to know that to get what will process the link (though I saw once someone who wanted to use cryptic names fore its page with IMHO maybe no reason at all).
If a sensitive value is encrypted but the link could work if given, the problem is likely that you should first check permissions. For example on this site the link to your or my profile is public but the server check the user who is accessing this link
to allow or block changes.
Oct 02, 2019 06:44 PM|slimbunny|LINK
Well yes, this works very much like a confirmation link, except it is a internal application that sends notification that has a record ID in the url string. My goal is to conceal the url information so that it is not visible to the recipient users.
Thanks please continue to share your expertise.