Clarke,

Yes, you could use the "hidden/secret/unpublished" tag (cfusion_encrypt and cfusion_decrypt), which the CF Administrator uses, to make it URL compatible, but if you change app servers (BD or Railo) or if they kill it, you will be screwed.

The best way we have found to do this is to use a HEX encoding instead, which is fully URL compatible. We used base64 like you did at first and ran into challenges long term. The algorithm we use is AES with the Hex encoding. Yes, it is a touch longer when compared to base64, but you never have to worry about dealing with special characters. Below is an example of the code that we use:

encrypt(encryptedData, application.HexEncryptString, 'AES', 'HEX');

This generates code that looks like this: EE86208453404F3EC5E3BCFBDBBA2FA5

FYI, to create a compatible AES Encrypt String, use the following:
<cfset myKey = generateSecretKey("aes")>

If you are using base64 now, you can create a single function that tests for the HEX format, decrypts with it if it passes and, if not, decrypts with base64. Here is the test code:

<cfif ReFindNoCase('[^0-9a-fA-F]', arguments.str) EQ 0> <!--- 0 = yes HEX format! --->

Only thing I am not sure about is if AES is available in the std version of CF or purely enterprise. We have been using Railo lots and it is there.

Regards,
Jeremy

------------------------------------------
Strategic Growth Services, LLC
Jeremy Bruck
jbr...@growstrategy.com
770-953-8643 x103



On May 7, 2009, at 10:42 AM, Clarke Bishop wrote:

I am building an eMail unsubscribe function, and I thought it would be a good idea to encrypt the eMail address. In the email, I set the unsubscribe link to:

unsubscribe.cfm?id=l5N6axdBQlGDpyAklnmkjP+mfaauBKvfS9G9RzUQRJI=

But, this string isn’t URLEncoded, so I encoded it like this:

unsubscribe.cfm?id=l5N6axdBQlGDpyAklnmkjP%2BmfaauBKvfS9G9RzUQRJI%3D

But, I’ve still got a problem because when I URLDecode the parameter, it alters the string.

Instead of: l5N6axdBQlGDpyAklnmkjP+mfaauBKvfS9G9RzUQRJI=

I get: l5N6axdBQlGDpyAklnmkjP mfaauBKvfS9G9RzUQRJI=

It’s changing the “+” to a space. As a result, my decrypt fails.

My question is: What’s the best way to generally handle this requirement? I know I could just replace the space with a “+”, but I’m expecting there may be other characters that don’t get handled correctly. And, I don’t want to get a bunch of unexpected errors.

I’m using ColdFusion 8 and doing the encrypt like this: encrypt(ARGUMENTS.data, variables.theKey, "DESEDE", "Base64")

Is there a better encryption or encoding to use? Or, is there a better way to use URLEncode and URLDecode?

Thanks for any ideas!

    Clarke
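
A sketch of the single dual-format function described in the reply above, as an added example that is not code from either poster. The function names and application.legacyDesedeKey (the old DESEDE key) are assumptions; application.HexEncryptString is the AES key variable from the reply.

```cfml
<!--- Added example. Assumed names: makeUnsubscribeToken, readUnsubscribeToken,
      application.legacyDesedeKey (key used for the old DESEDE/Base64 links). --->
<cffunction name="makeUnsubscribeToken" returntype="string" output="false">
    <cfargument name="email" type="string" required="true">
    <!--- Hex output is [0-9A-F] only, so the link needs no URLEncodedFormat() --->
    <cfreturn encrypt(arguments.email, application.HexEncryptString, "AES", "Hex")>
</cffunction>

<cffunction name="readUnsubscribeToken" returntype="string" output="false">
    <cfargument name="str" type="string" required="true">
    <cfset var token = arguments.str>
    <cfset var plain = "">
    <!--- Hex test from the reply, plus an even-length check (two hex digits per byte) --->
    <cfif len(token) GT 0 AND len(token) MOD 2 EQ 0
          AND reFind("[^0-9A-Fa-f]", token) EQ 0>
        <cftry>
            <cfset plain = decrypt(token, application.HexEncryptString, "AES", "Hex")>
            <cfcatch type="any">
                <!--- A Base64 token can consist of hex characters only; fall through --->
                <cfset plain = "">
            </cfcatch>
        </cftry>
    </cfif>
    <cfif NOT isValid("email", plain)>
        <cftry>
            <!--- Old links: URL decoding can turn "+" into a space, and a space
                  is never valid Base64, so restoring it is safe --->
            <cfset token = replace(token, " ", "+", "all")>
            <cfset plain = decrypt(token, application.legacyDesedeKey, "DESEDE", "Base64")>
            <cfcatch type="any">
                <cfset plain = "">
            </cfcatch>
        </cftry>
    </cfif>
    <!--- Return an empty string for anything that does not decrypt to an address --->
    <cfif isValid("email", plain)>
        <cfreturn plain>
    </cfif>
    <cfreturn "">
</cffunction>
```

The caller treats an empty return value as an invalid or tampered link instead of letting a decrypt error surface to the visitor.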
