Thanks Charlie! I’m doing exactly what you said: URLEncodedFormat(encrypt(string,key)).
The problem was that my encrypted string has a “+” in it, but URLDecode translated that to a space. Then, the decrypt failed! But, good suggestion on the try/catch. I probably wouldn’t have thought about it. Thanks! Clarke From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Charlie Arehart Sent: Thursday, May 07, 2009 1:40 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Encrypting URL Parameters Clarke, besides considering the other useful suggestions about whether it’s appropriate to even try those, or if there may be alternatives, I’ll say that I’ve done it before for other reasons, with code like this (where string was what needed to be encrypted, and key was the key for encoding/decoding): ?code=#urlencodedformat(encrypt(string,key))# I then was able to get the result with <cfset decryptstring = decrypt(url.code,key)> That worked for me, but perhaps there are aspects of the string you’re encrypting/encoding that I wasn’t hitting. Still, since you didn’t offer code, we can’t know if you’re doing the encrypt inside the encode, or vice-versa. I’ll add as well that if someone messes with the code then the decrypt will of course fail, causing an error, so you want to try/catch this. /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Clarke Bishop Sent: Thursday, May 07, 2009 10:42 AM To: discussion@acfug.org Subject: [ACFUG Discuss] Encrypting URL Parameters I am building an eMail unsubscribe function, and I thought it would be a good idea to encrypt the eMail address. In the email, I set the unsubscribe link to: unsubscribe.cfm?id= l5N6axdBQlGDpyAklnmkjP+mfaauBKvfS9G9RzUQRJI= But, this string isn’t URLEncoded, so I encoded it like this: unsubscribe.cfm?id=l5N6axdBQlGDpyAklnmkjP%2BmfaauBKvfS9G9RzUQRJI%3D But, I’ve still got a problem because when I URLDecode the parameter, it alters the string. Instead of: l5N6axdBQlGDpyAklnmkjP+mfaauBKvfS9G9RzUQRJI= I get: l5N6axdBQlGDpyAklnmkjP mfaauBKvfS9G9RzUQRJI= It’s changing the “+” to a space. As a result, my decrypt fails. My question is: What’s the best way to generally handle this requirement? I know I could just replace the space with a “+”, but I’m expecting there may be other characters that don’t get handled correctly. And, I don’t want to get a bunch of unexpected errors. I’m using ColdFusion 8 and doing the encrypt like this: encrypt(ARGUMENTS.data, variables.theKey, "DESEDE", "Base64") Is there a better encryption or encoding to use? Or, is there a better way to use URLEncode and URLDecode? Thanks for any ideas! Clarke ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink <http://www.fusionlink.com> ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink <http://www.fusionlink.com> ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
